Viki Platform

Check tokens

Returns information about the user associated with the token

GET /v4/sessions/(TOKEN).json

Only a summary of the user is returned, use the user endpoint for full details.

Create Session

These endpoints are currently restricted to official Viki applications

Viki credentials

Logs in a user. Must be over HTTPS

POST /v4/sessions.json

Expected body parameters:

Example:

{"login_id": "leto@dune.gov","password": "ghanima"}

The returned value includes two fields: token and user. The token acts like a session id, and should be included in any subsequent user-specific requests via token=TOKEN. The user field in general information about the user.

Facebook credentials

Logs a user using a valid Facebook access token. Must be over HTTPS. To get a Facebook access token please refer to Facebook's documentation.

POST /v4/sessions.json

Expected body parameters:

example

{"facebook_token": "1234567890"}

The returned value is the same as the Viki login. If the user has never logged in using Facebook two different things might happen:

1 - There is an existing viki account with the same email as the Facebook account. In this case the Facebook account is linked to the Viki account and the user is logged in.

2 - There is no user account with the Facebook account email. In this case a new user is created and logged in. The password for this new user is random and as such it can only log in using Facebook.

It is possible to pass Facebook credentials with a user already logged in via Viki credentials by passing the token=TOKEN query. In this case, the user that is logged in will be updated with the Facebook information as long as it is not linked to a different Facebook ID and the emails (in Viki and Facebook) match.

XBox credentials

Logs a user using a valid Facebook access token. The XBox token is a SAML Token

POST /v4/sessions.json

Expected body parameters:

example

{"msft_token": "<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">...</EncryptedAssertion>"}

The returned value is the same as the Viki login.

Errors

The following vcode errors can happen:

Destroy Session

These endpoints are currently restricted to official Viki applications

Deletes the session, rendering the token useless.

DELETE /v4/sessions/TOKEN.json?token=TOKEN