OwnID provides templates for the three request handlers you’ll host on your web server. These form the endpoints called from the OwnID platform, using signed HTTP requests.

These endpoints provide the connection between OwnId and your server for exchange user authentication data. That data is what you save in the ownIdData field you created in your database user table.

Add Web Server Request Handlers

Below are code templates for each of the three request handlers needed to implement your server-side endpoints:

  • Set OwnIdData - setOwnIDDataByLoginId

  • Get OwnIdData - getOwnIDDataByLoginId

  • Get Session - getSessionByLoginId

When the OwnID server receives a login event from your frontend, it then makes the appropriate HTTP requests to these endpoints.

The user’s login id (typically the user’s email address) is the unique identifier used to look up and save records in the ownIdData field.

Select the tab matching your server-side language in the sample templates below.

Endpoint 1 - Set OwnIdData

This endpoint handles a request to save an ownIdData record for a given loginId when the user enrolls a new device. This is the VARCHAR field you created previously. It holds the public key of the device used for biometric authentication.

Sample request handler for setting an OwnIDData record by user login id. (setOwnIDDataByLoginId)

Response
Implement these responses for setOwnIDDataByLoginId:

StatusDescriptionReturn
204Request successfulreturn empty body

Example:

204 - Request successful
{}

Endpoint 2 - Get OwnIdData

This endpoint handles a request to fetch an ownIdData record for a given user’s login id.

Sample request handler for getOwnIDDataByLoginId endpoint

Response

Implement these responses for getOwnIDDataByLoginId:

StatusDescriptionReturn
200User found and has ownIdDatareturn ownIdData String
204User found but doesn’t have ownIdDatareturn empty body
404User not foundreturn empty body

Examples:

Endpoint 3 - Get Session

Handle a request to fetch a token for the current session by user’s email address.

Note that token is a unique session identifier that you generate. OwnID does not validate or use the token in any way, it merely passes the token back to you so you can identify the session it’s associated with.

Later, we’ll see how the OwnID login event returns this value in the frontend to establish a client session.

Sample request handler for getSessionByLoginId endpoint.

Response

Implement these responses for getSessionByLoginId:

StatusDescriptionReturn
200Request successfulreturn object or String (e.g: jwt)

Example:


What’s in the Request headers?
You might notice two values in request headers from the OwnID plaform:

  • ownid-signature
  • ownid-timestamp

These are part of securing your integration before going live. We’ll address these parameters separately on the security page after you integration is complete.

Next Steps

With the request handlers in place, you’re ready to build the frontend integrations for login, registration, account recovery, and more.

Build Frontend User Journey

Integrate the OwnID SDK in your frontend journeys.