API Changes from v1 to v2

A number of changes were made between AuthRocket 1 and AuthRocket 2. Many of them affect the APIs; those changes are outlined below.

New features and fields are not included here unless they replace something else removed from v1.

The path prefix for all API methods has changed from /v1 to /v2. The endpoint hostnames have also changed and are provided when generating a new API key.

Additionally, the text of several error messages has been updated.

Headers

AuthRocket-specific headers are no longer prefixed by x-.

In addition to AuthRocket-specific headers, authentication is now supported using an Authorization bearer token.

Status Codes

401 and 429 are no longer returned for user authentication failures (e.g., bad password) or rate limits (e.g., too many password attempts). Those errors are now returned as messages inside a normal 422 validation error.

For 429 errors, the rate limit headers are no longer prefixed by x-. Ratelimit-Reset now contains a standard HTTP date instead of a time_t epoch.

For 422 errors, errors is now a simple array of error messages instead of a hash/dict.
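A client that has to work against both versions during migration can normalize the two response formats described above. The following is an added example, not AuthRocket code: the function names are hypothetical, the v1 header name is assumed to be the v2 name with an x- prefix, and the shape of the values inside the v1 errors hash is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def header(headers, name):
    """Case-insensitive lookup accepting the v2 name or the v1 x- prefixed name."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name.lower(), lowered.get("x-" + name.lower()))


def ratelimit_reset(headers):
    """Return the rate limit reset time as an aware UTC datetime, or None if absent."""
    raw = header(headers, "Ratelimit-Reset")
    if raw is None:
        return None
    raw = raw.strip()
    if raw.isdigit():  # v1: time_t epoch seconds
        return datetime.fromtimestamp(int(raw), tz=timezone.utc)
    parsed = parsedate_to_datetime(raw)  # v2: standard HTTP date
    if parsed.tzinfo is None:  # e.g. a "-0000" zone parses as naive; treat as UTC
        return parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def error_messages(body):
    """Flatten the 422 `errors` field to a list of strings for either version."""
    errors = body.get("errors") or []
    if isinstance(errors, dict):  # v1: hash/dict (value shape is assumed)
        flat = []
        for field, msgs in errors.items():
            msgs = msgs if isinstance(msgs, list) else [msgs]
            flat.extend(f"{field} {msg}" for msg in msgs)
        return flat
    return [str(msg) for msg in errors]  # v2: simple array of messages


if __name__ == "__main__":
    # Constructed sample responses, not captured from the service.
    print(ratelimit_reset({"X-Ratelimit-Reset": "1445412480"}))
    print(ratelimit_reset({"Ratelimit-Reset": "Wed, 21 Oct 2015 07:28:00 GMT"}))
    print(error_messages({"errors": {"password": ["is invalid"]}}))
    print(error_messages({"errors": ["Password is invalid"]}))
```

Code that previously counted failed logins or backed off by branching on 401 or 429 needs to read the 422 messages instead, otherwise those failures pass through as generic validation errors.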

Core API

Credentials

External auth providers

Memberships

Sessions

Users

Users has been simplified to remove api type users. All users are now the equivalent of v1’s human type.

Extended API (now Configuration API)

User management related APIs have been moved to the Core API. The rest of the Extended API has been renamed to the Configuration API.

LoginRocket API

The LoginRocket API is not currently available in LR 2. Likewise, authrocket.js, the SDK for the LR 1 API, is not currently supported. If either of these is important to you, please let us know.

LoginRocket 2 is significantly more capable than LoginRocket 1. As such, some features previously only available via the LR 1 API are now part of the LR 2 web UI, such as changing passwords. Additionally, LR 2 adds user profile management, multi-org (account) selection and management, and more.