Security APIs

Security API related to user's payment authorization

Passkey API

registerDevice

Creates a new device public key for the account. This public key is typically used to create the verification key for the passkey from that specific device.

Request Parameters:

  • device_no (string, path, required): The device number for which the public key is being generated.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const generatePublicKey = async () => {
  return await fetch('https://apis.tomo.inc/rain/v2/reg/DEVICE_NO', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    }
  }).then(res => res.json());
};

createPasskey

Generates and assigns a new passkey to a device using its device number and a public key.

Request Body Parameters:

  • device_no (string, required): The device number for which the passkey is being created.

  • pubkey (string, required): The public key associated with the device.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const createPasskey = async () => {
  return await fetch('https://apis.tomo.inc/rain/v2/passkey/create', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    },
    body: JSON.stringify({
      device_no: "DEVICE_NO",
      pubkey: "PUBKEY"
    })
  }).then(res => res.json());
};

checkPasskey

Verifies whether a passkey is associated with a particular device.

Request Parameters:

  • device_no (string, path, required): The device number to check.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const checkPasskey = async () => {
  return await fetch('https://apis.tomo.inc/rain/v2/passkey/check/DEVICE_NO', {
    method: 'GET',
    headers: {
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    }
  }).then(res => res.json());
};

validatePasskey

Validates a passkey by verifying the signature of a submitted message, ensuring the passkey belongs to the device.

Request Body Parameters:

  • device_no (string, required): The device number associated with the passkey.

  • message (string, required): The message that was signed.

  • sig (string, required): The signature of the message.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const validatePasskey = async () => {
  return await fetch('https://apis.tomo.inc/rain/v2/passkey/validate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    },
    body: JSON.stringify({
      device_no: "DEVICE_NO",
      message: "MESSAGE",
      sig: "SIGNATURE"
    })
  }).then(res => res.json());
};

Password API

checkPassword

Check if the user's payment password exists and is correct.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const checkPassword = async () => {
  return await fetch('https://apis.tomo.inc/wind/v1/payment/passwd/check', {
    method: 'GET',
    headers: {
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    }
  }).then(res => res.json());
};

setPassword

Allows users to set a new payment password.

Request Body Parameters:

  • passwd (string, required): The new password the user wants to set.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const setPassword = async () => {
  return await fetch('https://apis.tomo.inc/wind/v1/payment/passwd/set', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    },
    body: JSON.stringify({
      passwd: "newPassword123"
    })
  }).then(res => res.json());
};

validatePassword

Validate the user's payment password to confirm it is correct.

Request Body Parameters:

  • passwd (string, required): The password to validate.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const validatePassword = async () => {
  return await fetch('https://apis.tomo.inc/wind/v1/payment/passwd/validate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    },
    body: JSON.stringify({
      passwd: "password123"
    })
  }).then(res => res.json());
};

changePassword

Allows users to change their existing payment password by providing the old and new passwords.

Request Body Parameters:

  • new_passwd (string, required): The new password the user wants to set.

  • old_passwd (string, required): The current password the user is using.

Header Parameters:

  • Authorization (string, optional): The authorization token for secure access.

const changePassword = async () => {
  return await fetch('https://apis.tomo.inc/wind/v1/payment/passwd/change', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
    },
    body: JSON.stringify({
      new_passwd: "newPassword123",
      old_passwd: "oldPassword123"
    })
  }).then(res => res.json());
};

PreviousAccount APIsNextChains Supported

Last updated