# Access

Manage authentication for your users.

## Login with password

 - [POST /login_with_password](https://api.weavr.io/products/multi/openapi/access/loginwithpassword.md): Authenticate a user with the email and password that they provided when registering.

Given that the user credentials are correct, this returns a token that can then be used to authorise
other secured operations. In case the password is expired, a temporary token is returned, which can be used
solely for updating the password.

The token returned is valid for 5 minutes from last activity.

## Login via biometrics

 - [POST /login_via_biometrics](https://api.weavr.io/products/multi/openapi/access/loginviabiometrics.md): Trigger a push notification and subsequent biometric authentication of a user, by providing the email that was 
used in the enrolment process of biometrics.

This endpoint can be used in conjunction with your application to authenticate a user and receive a stepped-up 
token in a single action, for use in-session for any endpoints or UI components that require step-up 
authentication.

Given that the user credentials are correct, a push notification is sent to the user requesting them to complete
biometric authentication. On successful completion of authentication, a token will be shared that can be used 
for endpoints or UI components that require a stepped-up token.

## Get user identities

 - [GET /identities](https://api.weavr.io/products/multi/openapi/access/useridentities.md): Retrieves a list of identities available to the holder of the token.

## Logout

 - [POST /logout](https://api.weavr.io/products/multi/openapi/access/logout.md): Logs out the user and terminates the session identified by the auth_token in the Authorization Header.

## Acquire a new access token

 - [POST /access_token](https://api.weavr.io/products/multi/openapi/access/requestaccesstoken.md): This API endpoint accepts a POST request with an auth_token parameter and returns an access_token that grants authorized access to additional resources within the API, with a different expiration time and unique signature.