This document covers how to make requests with the LoginRocket API (via *.loginrocket.com).
To access the AuthRocket APIs, see Accessing the AuthRocket APIs.
The LoginRocket API uses the same initial setup as LoginRocket Web.
LoginRocket requires a configured Domain (see Realm -> Settings -> Domains) and an active Connected App (Settings -> Connected Apps).
For most uses, you’ll also need to configure one or more CORS origins (Settings -> CORS Origins).
The LoginRocket API is HTTPS only. TLS 1.2+ is required.
The endpoint to use is based on your LoginRocket URL. In the AuthRocket portal, go to Realm -> Integration -> Using LoginRocket and look for the LoginRocket URL.
The LR API is always accessed using the /v2/ path. For example:
You may also use any configured custom domain. That might look like
CORS is supported and all modern browsers will require it. Add your app’s domains at Settings -> CORS Origins. Paths are not required, but non-default port numbers are. Examples:
http://localhost:4000 (during development).
Calls to the LoginRocket API are tightly rate limited to prevent abuse.
The API only sends JSON responses. All API requests must indicate that they are requesting JSON payloads:
The LoginRocket API’s error messages may be localized. See localization for more details and supported locales.
Because these are user-facing APIs, no API-level authentication is required. API calls are associated with the proper realm based on the endpoint’s domain.
Some APIs require an AuthRocket session ID. However, this is always provided as part of the query, not as a request header.
Payloads sent to the API via POST requests may be sent as JSON or as standard url-encoded form data.
Content-type: application/json
Content-type: application/x-www-form-urlencoded
Login sessions record the user’s client, when available. Browsers generally set this by default. If you’d like to override it, or are using the API from another platform, send a meaningful
User-agent: <Browser, library, or app information>
If you’re writing a LoginRocket library for use by third parties, please contact us for further guidance on how to best capture user client information alongside library-specific information (so we can reach out in the event we see something that needs to be addressed).
Responses from the API will indicate the delivery of a JSON payload:
All API responses will include X-Request-ID, which is unique to each request. If you have a question about a specific API call, sending the request ID will make it much easier for us to help you debug the issue.
API responses all deliver an appropriate HTTP Status: header. The numeric portion of this status code should be checked before attempting to parse the body response. See Status codes for more details.
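A client-side wrapper for the request and response rules above, as an added example that is not AuthRocket's own code. The `Accept: application/json` header is an assumption for how JSON is requested, and the host, endpoint name and `example-app/1.0` client string are constructed placeholders.

```javascript
// Added example, not AuthRocket code. Host, endpoint and client name are constructed.
const USER_AGENT = "example-app/1.0"; // hypothetical client identifier

// Build the URL and fetch() options for a JSON POST to the LoginRocket API.
function buildRequest(lrUrl, endpoint, payload) {
  const base = new URL(lrUrl);
  if (base.protocol !== "https:") throw new Error("LoginRocket API is https only");
  // Always go through /v2/, and refuse endpoints that normalize out of it.
  const url = new URL("/v2/" + endpoint.replace(/^\/+/, ""), base.origin);
  if (!url.pathname.startsWith("/v2/")) throw new Error("endpoint escapes /v2/");
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: {
        "Accept": "application/json", // assumption: how the client requests JSON
        "Content-type": "application/json",
        "User-agent": USER_AGENT, // browsers generally send their own instead
      },
      body: JSON.stringify(payload),
    },
  };
}

// Check the status code first, keep X-Request-ID, then parse JSON bodies only.
// `headers` is anything with get(): fetch Headers, or a Map with lowercase keys.
function readResponse(status, headers, bodyText) {
  const ok = status >= 200 && status < 300;
  const requestId = headers.get("x-request-id") || null;
  const isJson = (headers.get("content-type") || "").includes("application/json");
  let data = null;
  if (isJson && bodyText) {
    try { data = JSON.parse(bodyText); } catch { data = null; }
  }
  return { ok, status, requestId, data };
}

// Network wrapper around the two helpers above.
async function callLoginRocket(lrUrl, endpoint, payload) {
  const { url, init } = buildRequest(lrUrl, endpoint, payload);
  const res = await fetch(url, init);
  return readResponse(res.status, res.headers, await res.text());
}
```

Log `requestId` with any failed call so it can be quoted when asking about that specific request.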