icon ${title}

The Authentication model followed by Qvikly is similar to OAuth2 in what's presented during web service API calls requiring. However, in establishing the tokens, there is a different process 2 step process. Note that this is used whether you are making API calls through custom code or using Qvikly app. We don't store passwords and instead expect the user to verify their credentials by sending a 6 digit code to their email that's valid for a short duration. Re-establishing expired tokens requires manual input and tokens expire monthly. #### Request Authentication Code This request will cause a authentication code to be sent to the specified email. 1. > POST /actions/authenticate Form Parameters:
`email` - the email of the user
`clientid` - this is expected to be a GUID that uniquely identifies the client.
`User-Agent` - (optional) this is captured as a means to tracking the client that's making the calls. Response: Status-Code: 200 if successful Response Body: { expiry: "{when the token will expire}", isNewUser: true/false } #### Confirm Authentication Code This request will establish the authentication token that was created for the specified clientid/emailid combination, based on a confirmed authentication code. 2. >GET /actions/authenticate Form Parameters:
`email` - the email of the user
`clientid` - this is expected to be a GUID that uniquely identifies the client.
`authcode` - this is the 6 digit numeric code that was emailed to the user. Response: Status-Code: 200 if successful Response Body: { auth_token: "", expires: "{when the token will expire}" }