Build Server-Side Endpoints
Implement your server-side endpoints
OwnID provides templates for the three request handlers you’ll host on your web server. These form the endpoints called from the OwnID platform, using signed HTTP requests.
These endpoints provide the connection between OwnId and your server for exchange user authentication data. That data is what you save in the ownIdData field you created in your database user table.
Add Web Server Request Handlers
Below are code templates for each of the three request handlers needed to implement your server-side endpoints:
-
Set OwnIdData -
setOwnIDDataByLoginId -
Get OwnIdData -
getOwnIDDataByLoginId -
Get Session -
getSessionByLoginId
When the OwnID server receives a login event from your frontend, it then makes the appropriate HTTP requests to these endpoints.
The user’s login id (typically the user’s email address) is the unique identifier used to look up and save records in the ownIdData field.
Select the tab matching your server-side language in the sample templates below.
Endpoint 1 - Set OwnIdData
This endpoint handles a request to save an ownIdData record for a given loginId when the user enrolls a new device. This is the VARCHAR field you created previously. It holds the public key of the device used for biometric authentication.
setOwnIDDataByLoginId)
Response
Implement these responses for setOwnIDDataByLoginId:
| Status | Description | Return |
|---|---|---|
204 | Request successful | return empty body |
Example:
Endpoint 2 - Get OwnIdData
This endpoint handles a request to fetch an ownIdData record for a given user’s login id.
getOwnIDDataByLoginId endpoint
Response
Implement these responses for getOwnIDDataByLoginId:
| Status | Description | Return |
|---|---|---|
200 | User found and has ownIdData | return ownIdData String |
204 | User found but doesn’t have ownIdData | return empty body |
404 | User not found | return empty body |
Examples:
Endpoint 3 - Get Session
Handle a request to fetch a token for the current session by user’s email address.
Note that token is a unique session identifier that you generate. OwnID does not validate or use the token in any way, it merely passes the token back to you so you can identify the session it’s associated with.
Later, we’ll see how the OwnID login event returns this value in the frontend to establish a client session.
Sample request handler forgetSessionByLoginId endpoint.
Response
Implement these responses for getSessionByLoginId:
| Status | Description | Return |
|---|---|---|
200 | Request successful | return object or String (e.g: jwt) |
Example:
What’s in the Request headers?
You might notice two values in request headers from the OwnID plaform:
ownid-signatureownid-timestamp
These are part of securing your integration before going live. We’ll address these parameters separately on the security page after you integration is complete.
Next Steps
With the request handlers in place, you’re ready to build the frontend integrations for login, registration, account recovery, and more.
Build Frontend User Journey
Integrate the OwnID SDK in your frontend journeys.
Was this page helpful?