Assume

Authentication

All endpoints require a valid auth JWT, and also accept a profile JWT (X-Profile header) when available.

Client header

All endpoints require a Client header with the name of the client using this service.

POST /assume

Assumes a profile. A successful request returns a new profile token (profile_token) for the X-Profile header.

The user’s PIN code is required if all of the following is true:

  • Header X-Enforce-Pin is set to true

  • Child lock has been enabled

  • Currently selected profile is a child profile (as determined from the X-Profile header)

  • Target profile is an adult profile

Incorrect or missing PIN code results in HTTP 403 in this case.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    {
      "profile_id": "default"
    }
    
    
  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    > X-Enforce-Pin: true
    > X-Profile: Bearer <JWT>
    {
      "profile_id": "default"
    }
    
    
  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    > X-Enforce-Pin: true
    > X-Profile: Bearer <JWT>
    {
      "pincode": "0123",
      "profile_id": "default"
    }
    
    
  • Response 200 SHOW
  • {
      "profile_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwcm9maWxlcy1wcm9kIiwidWlkIjoiMTIzNDUiLCJwaWQiOiJkZWZhdWx0In0.hQ_2PUqPVp_QvTiP2tAusNxPZW7-B82dIHcsdxINWNs"
    }
    
  • Response 403 SHOW
  • unauthorized child
    

Avatars

Client header

All endpoints require a Client header with the name of the client using this service.

GET /avatars

Lists all available avatars.

  • Requests SHOW
  • > Client: foo-client
  • Response 200 SHOW
  • [
      {
        "id": "lynx",
        "images": [
          {"format": "svg", "url": "https://example.com/avatars/lynx.svg"},
          {"format": "png", "url": "https://example.com/avatars/lynx.png"}
        ],
        "image_urls": {
          "body": "https://example.com/avatars/lynx-body.png",
          "head": "https://example.com/avatars/lynx.png"
        }
      },
      {
        "id": "hedgehog",
        "images": [
          {"format": "svg", "url": "https://example.com/avatars/hedgehog.svg"},
          {"format": "png", "url": "https://example.com/avatars/hedgehog.png"}
        ],
        "image_urls": {
          "body": "https://example.com/avatars/headgehog-body.png",
          "head": "https://example.com/avatars/headgehog.png"
        }
      }
    ]
    

Child Lock

Authentication

All endpoints require a valid auth JWT.

Client header

All endpoints require a Client header with the name of the client using this service.

GET /childlock

Returns the child lock state. If the child lock has been enabled, this endpoint also returns the configured PIN code for offline use. PIN code enforcement for the /assume endpoint is always handled server-side.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
  • Response 200 SHOW
  • {
      "enabled": true,
      "pincode": "1234"
    }
    
POST /childlock

Enables or disables the child lock for the current user. Enabling the child lock requires the PIN code field to be set. Enabled child lock influences the behaviour of the /assume endpoint.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    {
      "enabled": true,
      "pincode": "0123"
    }
    
    
  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    {
      "enabled": false
    }
    
    
  • Response 200 SHOW

Profiles

Authentication

All endpoints require a valid auth JWT, and also accept a profile JWT (X-Profile header) when available.

Client header

All endpoints require a Client header with the name of the client using this service.

Default profile

Every user has a default profile which comes with the following traits:

  • The ID of the default profile is default.

  • The default profile cannot be deleted.

  • Age group cannot not be changed for the default profile.

Active profile

The profile matching that of the profile or auth JWT is marked as active.

  • The active profile cannot be deleted.

Age groups

adult, child, child0_6

POST /profiles

Creates a new profile.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    {
      "age_group": "child",
      "alias": "Alice",
      "avatar_id": "lynx",
      "theme_id": "space"
    }
    
    
  • Response 200 SHOW
  •     {
          "id": "profile-id-1",
          "age_group": "child",
          "alias": "Alice",
          "avatar": {
            "id": "lynx",
            "images": [
              {
                "format": "svg",
                "url": "https://example.com/avatars/lynx.svg"
              },
              {
                "format": "png",
                "url": "https://example.com/avatars/lynx.png"
              }
            ],
            "image_urls": {
              "body": "https://example.com/avatars/lynx-body.png",
              "head": "https://example.com/avatars/lynx.png"
            }
          },
          "theme": {
            "colors": {
              "background": "#582a72",
              "icons_and_text": "#160421",
              "primary": "#7e4c9a",
              "secondary": "#351249",
              "panel_title": "#ffffff"
            },
            "id": "space",
            "shadow_image_url": "https://example.com/themes/shadow-space.png",
            "top_image_url": "https://example.com/themes/space.png",
            "top_square_image_url": "https://example.com/themes/space-square.png"
          }
        }
    
PUT /profiles

Updates an existing profile.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    {
      "id": "profile-id-1",
      "age_group": "child",
      "alias": "Alice",
      "avatar_id": "lynx",
      "theme_id":"space"
    }
    
    
  • Response 200 SHOW
  • {
      "id": "profile-id-1",
      "age_group": "child",
      "alias": "Alice",
      "avatar": {
        "id": "lynx",
        "images": [
          {
            "format": "svg",
            "url": "https://example.com/avatars/lynx.svg"
          },
          {
            "format": "png",
            "url": "https://example.com/avatars/lynx.png"
          }
        ],
        "image_urls": {
          "body": "https://example.com/avatars/lynx-body.png",
          "head": "https://example.com/avatars/lynx.png"
        }
      },
      "theme": {
        "colors": {
          "background": "#582a72",
          "icons_and_text": "#160421",
          "primary": "#7e4c9a",
          "secondary": "#351249",
          "panel_title": "#ffffff"
        },
        "id": "space",
        "shadow_image_url": "https://example.com/themes/shadow-space.png",
        "top_image_url": "https://example.com/themes/space.png",
        "top_square_image_url": "https://example.com/themes/space-square.png"
      }
    }
    
GET /profiles

Lists all profiles for the authenticated user.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
    > X-Profile: Bearer <JWT>
  • Response 200 SHOW
  • [
      {
        "id": "profile-id-1",
        "age_group": "adult",
        "alias": "Alice",
        "avatar": {
          "id": "lynx",
          "images": [
            {
              "format": "svg",
              "url": "https://example.com/avatars/lynx.svg"
            },
            {
              "format": "png",
              "url": "https://example.com/avatars/lynx.png"
            }
          ],
          "image_urls": {
            "body": "https://example.com/avatars/lynx-body.png",
            "head": "https://example.com/avatars/lynx.png"
          }
        }
      },
      {
        "id": "profile-id-2",
        "active": true,
        "age_group": "child0_6",
        "alias": "Bob",
        "avatar": {
          "id": "hedgehog",
          "images": [
            {
              "format": "svg",
              "url": "https://example.com/avatars/hedgehog.svg"
            },
            {
              "format": "png",
              "url": "https://example.com/avatars/hedgehog.png"
            }
          ],
          "image_urls": {
            "body": "https://example.com/avatars/hedgehog-body.png",
            "head": "https://example.com/avatars/hedgehog.png"
          }
        },
        "theme": {
          "colors": {
            "background": "#582a72",
            "icons_and_text": "#160421",
            "primary": "#7e4c9a",
            "secondary": "#351249",
            "panel_title": "#ffffff"
          },
          "id": "space",
          "shadow_image_url": "https://example.com/themes/shadow-space.png",
          "top_image_url": "https://example.com/themes/space.png",
          "top_square_image_url": "https://example.com/themes/space-square.png"
        }
      }
    ]
    
DELETE /profiles/<profile-id>

Deletes a profile.

  • Requests SHOW
  • > Authorization: Bearer <JWT>
    > Client: foo-client
  • Response 204 SHOW

Themes

Client header

All endpoints require a Client header with the name of the client using this service.

GET /themes

Lists all available themes.

  • Requests SHOW
  • > Client: foo-client
  • Response 200 SHOW
  • [
      {
        "colors": {
          "background": "#582a72",
          "icons_and_text": "#160421",
          "primary": "#7e4c9a",
          "secondary": "#351249",
          "panel_title": "#ffffff"
        },
        "id": "space",
        "shadow_image_url": "https://example.com/themes/shadow-space.png",
        "top_image_url": "https://example.com/themes/space.png",
        "top_square_image_url": "https://example.com/themes/space-square.png"
      },
      {
        "colors": {
          "background": "#582a72",
          "icons_and_text": "#160421",
          "primary": "#7e4c9a",
          "secondary": "#351249",
          "panel_title": "#589642"
        },
        "id": "spring",
        "shadow_image_url": "https://example.com/themes/shadow-regular.png",
        "top_image_url": "https://example.com/themes/spring.png",
        "top_square_image_url": "https://example.com/themes/space-square.png"
      }
    ]