AuthRocket is comprised of 3 different APIs: the AuthRocket Core API, the AuthRocket Extended API, and the LoginRocket API.
This document covers how to make requests with the LoginRocket API (via
*.loginrocket.com). To access the AuthRocket APIs, see Accessing the AuthRocket APIs.
This API requires that LoginRocket be enabled. It is enabled by default for all new Realms. If needed, it can be enabled at Realm -> Settings -> LoginRocket.
Additionally, at least one Connected App must exist and be active (see Realm -> Settings -> Connected Apps).
TLS is required.
The endpoint to use is based on your LoginRocket URL. In the AuthRocket portal, go to Realm -> Integration and look for the LoginRocket URL.
If you have multiple Connected Apps, each will have its own endpoint to access the LoginRocket API.
All LoginRocket endpoints will end with
All requests can be sent as POST or GET. The API examples use POST, which is appropriate for normal AJAX requests. CORS is supported.
If using JSONP, use GET requests instead.
Calls to the LoginRocket API are tightly rate limited to prevent abuse.
The API only sends JSON responses. All API requests must indicate that they are requesting JSON payloads:
Because these are user-facing APIs, no authenication is required. API calls are associated with the proper realm based on the endpoint’s subdomain.
Payloads sent to the API via POST requests may be sent as JSON or as standard url-encoded form data.
Content-type: application/json Content-type: application/x-www-form-urlencoded
If you’d like login sessions to include the user’s client, send a meaningful
User-Agent header (or use the browser’s default).
User-agent: <Browser, library, or app information>
Responses from the API will indicate the delivery of a JSON payload:
All API responses will include X-Request-ID, which is unique to each request. If you have a question about a specific API call, sending the request ID will make it much easier for us to help you debug the issue.