Login

Token

To make requests to the Wepin RESTful API, you must include a Token for authentication. Tokens for the Wepin RESTful API are generated in JWT (JSON Web Token) format. The API adopts an enhanced security approach using the Access Token and Refresh Token mechanism, a common authentication method in JWT-based systems.

The Access Token expires 12 hours after issuance. The Refresh Token remains valid for 7 days and can be used to issue a new Access Token.

When a login request is made, the response includes tokens: an accessToken and a refreshToken. The detailed process for token issuance is as follows:

  1. Token Issuance During Login

    • Access Token and Refresh Token are issued during the login process.

  2. Validate Token Before Sending an API Request

    • If both the Access Token and Refresh Token are expired: An error is raised. Re-login is required to issue new Access and Refresh Tokens.

    • If the Access Token is expired but the Refresh Token is still valid: Use the token refresh process to verify the Refresh Token and issue a new Access Token.

    • If the Access Token is valid but the Refresh Token is expired: Re-login is required to issue new Access and Refresh Tokens.

    • If both Access Token and Refresh Token are valid: Requests can be sent without issues.

  3. Client-Side Token Validation

    • Applications using Wepin RESTful API should verify token validity before sending a request. If the token is valid, proceed with the request.

  4. Handle Token Expiry During Requests

    • If the token validity is not verified before the API request and an HTTP Status Code 401 (Unauthorized) is returned, the client should refresh the token before retrying the request.
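
Added example (not part of the Wepin documentation or SDK): a Python client-side check implementing steps 2 to 4 above. It assumes the tokens carry the standard JWT exp claim; SKEW, make_sample_token and the send and reissue callables are hypothetical names introduced for illustration.

```python
import base64
import json
import time

SKEW = 30  # assumed safety margin in seconds so a token does not expire in flight


def jwt_exp(token):
    """Read the exp claim. No signature check: this only schedules refreshes."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


def next_action(access, refresh, now=None):
    """Map the four expiry cases of step 2 to 'send', 'refresh' or 'relogin'."""
    now = time.time() if now is None else now
    if jwt_exp(refresh) - SKEW <= now:
        return "relogin"  # refresh expired: re-login even if access is still valid
    if jwt_exp(access) - SKEW <= now:
        return "refresh"  # only access expired: use Token Reissuance
    return "send"


def call_api(send, reissue, tokens):
    """Step 4: on HTTP 401 refresh once and retry once; never loop on 401.

    send(access) -> (status, body) and reissue(refresh) -> new access token are
    hypothetical callables provided by the application's HTTP layer.
    """
    status, body = send(tokens["access"])
    if status == 401 and next_action(tokens["access"], tokens["refresh"]) != "relogin":
        tokens["access"] = reissue(tokens["refresh"])
        status, body = send(tokens["access"])
    return status, body  # a remaining 401 means the caller must log in again


def make_sample_token(exp):
    """Constructed, unsigned sample token for this example; not a real Wepin token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "HS256", "typ": "JWT"})
    return ".".join([header, enc({"exp": exp}), "sig"])
```

The decoded expiry is only a hint for the client; the server's 401 response remains the authority on whether a token is accepted.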

Request Header

Below are the required values for the Request Header when using the Wepin SDK API:

| Name | Value | Description |
| --- | --- | --- |
| X-API-KEY | ${APP_KEY} | The App Key assigned during app registration |
| X-API-DOMAIN | ${APP_DOMAIN} | The base domain, package name, or bundle ID registered when creating the app |
| Authorization | Bearer {token} | Bearer {token} where {token} is the Access Token received after Wepin login |
| X-SDK-TYPE | {platform}_rest_api | The platform using the RESTful API (e.g., android, ios, web). Example: web_rest_api |
| Content-Type | application/json | |

Status Code

| Code | Description |
| --- | --- |
| 200 | Success. JSON object included in the response. |
| 400 | Invalid data sent. |
| 401 | Token expired. |
| 403 | App Key error. |
| 404 | Not found. |
| 500 | Server internal error. |

Error Response

| Name | Type | Description |
| --- | --- | --- |
| message | String | Error message |
| code | Integer | Error code value |
| data | Object | Error detail data |

Check App Information

Check the validity of the issued App Key and confirm whether the registered app information is correct.

GET /v1/app/info HTTP/1.1
Host: sdk.wepin.io
X-API-KEY: ${APP_KEY}
X-API-DOMAIN: {APP_DOMAIN}
X-SDK-TYPE: {platform}_rest_api
Content-Type: application/json

Request

Parameter

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| platform | Integer | 1: web, 2: android, 3: ios | O |
| withNetwork | Boolean | true: Returns the network information used by the app registered in the Workspace. false (default): Does not return the network information used by the app registered in the Workspace. | X |

Response

Success Response

| Name | Type | Description |
| --- | --- | --- |
| stage | Integer | 1: development, 2: product |
| appInfo | Object | App information (appInfo) |

  • appInfo

    • id : App ID

    • assets array of object

      • coinId integer

        • Network coin ID used by the app

      • tokens integer[]

        • List of FT (Fungible Token) IDs used by the app


Login

To use the Wepin Wallet, you must log in. Wepin supports social login and email login through Firebase. To view the list of social login options supported by Wepin, please refer to the Social Login Provider page.

Wepin provides login libraries tailored to various development environments. For a list of login libraries by platform, see the API Overview page.

Perform Wepin login using the token obtained from the Firebase login result.

POST /v1/user/login HTTP/1.1
Host: sdk.wepin.io
X-API-KEY: ${APP_KEY}
X-API-DOMAIN: {APP_DOMAIN}
X-SDK-TYPE: {platform}_rest_api
Content-Type: application/json

{
	"idToken": "abc12..22"
}

Request

Parameter

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| idToken | String | (Using Wepin Login Library) Token value obtained from the Firebase login result | O |

Response

| Name | Type | Description |
| --- | --- | --- |
| loginStatus | String | pinRequired: If this is the user's first login to Wepin, they must register with Wepin and create a new wallet. Therefore, the user needs to set a PIN required for wallet creation. registerRequired: If the user already has a Wepin wallet but is using the app for the first time, the user's Wepin wallet must register the app. Therefore, user PIN authentication for the existing wallet is required. complete: Indicates that the user login has been successfully completed. |
| walletId | String (optional) | The user's wallet ID. If the wallet already exists (when loginStatus is registerRequired or complete), the walletId will be returned. |
| token | Object | When the Wepin login is successfully completed, a token is returned. |
| userInfo | UserInfo (Object) | User information for the completed login. It is returned only when loginStatus is complete. (userInfo) |

  • token

    • access String

      • Access Token (Encoded JWT Token)

    • refresh String

      • Refresh Token (Encoded JWT Token)

  • userInfo

    • userId String

      • User Id

    • email String

      • User e-mail

    • name String

      • User's name

    • locale String

      • Language set by the user

    • currency String

      • Currency set by the user

    • lastAccessDevice String

      • Last connected device

    • lastSessionIp String

      • Last connected IP

    • userJoinStage Integer

      • User registration stage (Not used when directly calling REST API)

      • 3: Registration completed

    • profileImage String

      • URL of the user's profile image

    • userState Integer

      • User status

      • 1: active

      • 2: deleted

    • user2FA Integer

      • 2FA activation status

      • 0 : Created but not yet authenticated - 2FA not available

      • 1 : Registration completed

      • 2: 2FA recovery code verification completed

Example

{
    "loginStatus": "complete",
    "userInfo": {
        "email": "sample-user@wepin.io",
        "name": "Sample User Name",
        "locale": "ko",
        "currency": "KRW",
        "lastAccessDevice": "Windows 10 Chrome 112.0.0.0",
        "lastSessionIP": "xxx.xxx.xxx.xxx",
        "userJoinStage": 3,
        "profileImage": "https://profile.wepin.io/user-1",
        "userState": 1,
        "use2FA": 2
    }
}

Logout

Performs user logout. Used together with Firebase logout and the logout function of the Wepin Login Library.

POST /v1/user/{userId}/logout HTTP/1.1
Host: sdk.wepin.io
X-API-KEY: ${APP_KEY}
X-API-DOMAIN: {APP_DOMAIN}
X-SDK-TYPE: {platform}_rest_api
Content-Type: application/json
Authorization: Bearer ${access_token}

Request

Parameter

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| userId | String | The userId from the userInfo received during the login process. | O |

Response

Success Response

Returns an empty object.

{}

Token Reissuance

If the issued Access Token has expired but the Refresh Token is still valid, a new Access Token must be reissued.

GET /v1/user/access-token?userId={userId}&refresh_token={refresh_token} HTTP/1.1
Host: sdk.wepin.io
X-API-KEY: ${APP_KEY}
X-API-DOMAIN: {APP_DOMAIN}
X-SDK-TYPE: {platform}_rest_api
Content-Type: application/json
Authorization: Bearer ${access_token}

Request

Parameter

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| userId | String | The userId from the userInfo received during the login process. | O |
| refresh_token | String | Refresh Token received during the login process (token) | O |

Response

| Name | Type | Description |
| --- | --- | --- |
| token | String | New Access Token |


Agreeing to Terms of Service

When logging into the Wepin wallet, users must agree to the wallet's terms of service. After a successful login, the user's agreement status is updated on the Wepin backend server.

PATCH /v1/user/{userId}/terms-accepted HTTP/1.1
Host: sdk.wepin.io
X-API-KEY: ${APP_KEY}
X-API-DOMAIN: {APP_DOMAIN}
X-SDK-TYPE: {platform}_rest_api
Content-Type: application/json
Authorization: Bearer ${access_token}

{
	"termsAccepted": {
		"termsOfService": true,
		"privacyPolicy": true
	}
}

Request

Parameter

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| termsAccepted | Object | The terms agreed upon by the user. If additional types of terms are introduced, new properties will be added. Once the value of a property is set to true, it cannot revert to false. | O |

Response

The content matches the body of the Request.

| Name | Type | Description |
| --- | --- | --- |
| termsAccepted | Object | The terms agreed upon by the user. If additional types of terms are introduced, new properties will be added. Once the value of a property is set to true, it cannot revert to false. |

Get Terms of Service Agreement Status

Use the API to get the user's agreement status for the terms of service.

Request

Parameter

Response

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| termsAccepted | Object | Terms agreed upon by the user. If additional types of terms are introduced, new properties will be added. Once the value of a property is set to true, it cannot revert to false. | O |
