Passwords & Logins

Quick facts

Some information on persons and their login

  • Each person can have exactly one username (alpha-numeric) and password (alpha-numeric)
  • Passwords are never stored as plain-text within Hublify
  • Hublify supports temporary suspending of existing logins
  • Hublify supports password-forgotten mechanism
  • Hublify supports one-login-tokens (with time-out function)

 

Prerequisites

You should have

  • an user-account enabled for api access & PIM access
  • an api-client
  • at least one person-record stored in your Hublify CRM

 

Setting a new password

In order to update a person's password, you simply use the standard data-update endpoint.

If the new password does not meet the configured complexity-requirements the complete update request ist not executed.

 

Request URL

https://{your hublify url}/api/eos_10/data_update

Request parameter

{
    "dataset": "person",
    "fields": {
        "p_login_pwd_plain": "<new password>"
    },
    "filter": {
        "personid": "<PersonId>"         // 
    }
}

Response

{
    "status": true
}

 

 

Getting a person's password

"Sorry"! There is for security reasons no possibility to get a persons password! Neither for you nor for Hublify employees.

 

Checking password-strength

You can do live checks on the quality of a provided plain-text password.
Use this endpoint if want to check before executing a data_create or data_update for a person-record if the new password would fulfill the password requirements.

 

Request URL

https://{your hublify url}/api/eos_10/person_getPasswordQuality

Request parameter

{
    "password": "<the plain-text password>"
}

Response

{
    "status": true,     // TRUE if password is sufficient

    "msg": [ ... ]      // In case of error, here are i18n-messages provided.
}

 

 

Login: Authenticate a person

You can use a special endpoint in the functional api to perform a Hublify-based login for person in your Hublify CRM.

Using this endpoint includes following actions and events

  • Checks for existing username
  • Compares with encrypted stored password
  • Sets the "last-login-time" in person-record
  • [ Trigger automatic on-login processes ]

 

SECURITY: Be sure to have SSL especially on this api request enabled (... as actually for all other requests as well). 

 

Request URL

https://{your hublify url}/api/eos_10/person_login

Request parameter

{
    "username": "<username>",
    "password": "<plain-text password>", // The plain-text-password that the user entered for login.
                                         // !!! BE SURE to call the api always with SSL !!!

    "fields": [                          // (optional) Define what fields you want to have directly returned on successful login
        "personid", "firstname", "lastname"
    ]
}

 

Response

{
    "status": true,                      // TRUE: Login successful, else login failed.

    "data": {
        "personid": "<...>",             // The optionally requested fields
        "firstname": "<...>",
        "lastname": "<...>"
    }
}

 

Results

status : TRUE - Login was successful. FALSE if the login failed.

Possible login failure reasons are:

  • unknown username / wrong password
    (There is explicitly no distinction made, for security reasons)
     
  • login temporarily suspended
    (Username correct, Password not checked)