A number of changes were made between AuthRocket 1 and AuthRocket 2. Many of these changes affect the APIs and are outlined below.
New features and fields are not included here unless they replace something else removed from v1.
The path prefix for all API methods has changed from /v1 to /v2. The endpoint hostnames have also changed and are provided when generating a new API key.
Additionally, the text of several error messages has been updated.
AuthRocket-specific headers are no longer prefixed by x-.
In addition to AuthRocket-specific headers, authentication is now supported using an Authorization bearer token.
401 and 429 are no longer returned for user authentication failures (e.g. bad password) or user-specific rate limits (e.g. too many password attempts). Those errors are now returned as messages inside a normal 422 validation error.
For 429 errors, the rate limit headers are no longer prefixed by x-. Ratelimit-Reset now contains a standard HTTP date instead of a time_t epoch.
For 422 errors, errors is now a simple array of error messages instead of a hash/dict.
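The response changes above, as an added example that is not AuthRocket's own code: a small normalizer that reads either response shape, so callers stop treating only 401/429 as authentication failures or lockouts. It assumes the v1 header was named x-Ratelimit-Reset (inferred from the prefix change) and that the v1 errors hash mapped a field name to one or more messages; the sample messages in the comments are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def header(headers, name):
    """Case-insensitive lookup: v2 name first, then the x- prefixed v1 name (assumed)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name.lower(), lowered.get("x-" + name.lower()))


def parse_reset(value):
    """Return Ratelimit-Reset as an aware UTC datetime, or None if absent or unparseable."""
    if value is None:
        return None
    value = value.strip()
    if value.isdigit():  # v1: time_t epoch seconds
        return datetime.fromtimestamp(int(value), tz=timezone.utc)
    try:  # v2: standard HTTP date, e.g. "Wed, 21 Oct 2015 07:28:00 GMT"
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def flatten_errors(errors):
    """Return a flat list of messages from a v2 array or a v1 hash/dict (shape assumed)."""
    if isinstance(errors, list):
        return [str(m) for m in errors]
    if isinstance(errors, dict):
        out = []
        for field, msgs in errors.items():
            for m in msgs if isinstance(msgs, list) else [msgs]:
                out.append(f"{field}: {m}")
        return out
    return []


def normalize(status, headers, body):
    """Summarize a response; in v2 a bad password or lockout arrives as a 422."""
    return {
        "status": status,
        "validation_failed": status == 422,
        "errors": flatten_errors((body or {}).get("errors")),
        "retry_at": parse_reset(header(headers, "Ratelimit-Reset")),
    }
```

Because user authentication failures and user-specific rate limits now share status 422 with other validation errors, login-failure counters and alerting should key on `validation_failed` together with the message list, not on the status code alone.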
credential_type = api_key. (See related discussion under Users below.)
url field renamed to auth_url.
org_id is now required.
ar: are now reserved.
sid claim (session id; starts with kss_) instead.
Users has been simplified to remove api type users. All users are now the equivalent of v1’s human type.
user_type, api_key, /authenticate_key.
email is now required and must be unique across the realm.
username is now optional and some characters are no longer allowed.
user: {password: ...}.
user: {...}.
token.
User management related APIs have been moved to the Core API. The rest of the Extended API has been renamed to the Configuration API.
LoginRocket 2 is significantly more capable than LoginRocket 1. As such, some features previously only available via the LR API are now also part of the LR 2 web UI, such as changing passwords. Additionally, LR 2 adds user profile management, multi-org (account) selection and management, and more.
Parameters and responses for many methods have been updated to match the underlying AR 2 API.
session.
authrocket.js, the LR 1 SDK, has been replaced with loginrocket.js. It no longer requires jQuery and is now available as an npm package (@authrocket/loginrocket).