API Enhancements

We've made a number of enhancements to our API lately and wanted to take a minute to outline them for you.

First up, several API methods now support an expands parameter which will include extra data in the response. In many circumstances, this will improve your app's performance by eliminating additional API calls that were previously required.

expands=memberships

expands=memberships is now honored for Get a user, Authenticate a user, Authenticate a key, Get an org, and Get a session. In all cases it will add membership data along with relevant users (Get an org) or orgs (the rest).

expands=custom

expands=custom will include custom attributes in responses to List users, List orgs, and List realms.

expands=token

expands=token, available on Get a session, will add a complete copy of the JWT token with the response. This is useful if for some reason you only have the session ID (instead of the entire token) or if the user's data (name, memberships, etc) has changed and you want an updated token. It will leave the lifespan of the original token unchanged.

request

A couple of methods had support for ip and/or client attributes. This was very limited in scope and these old attributes are now deprecated. We've replaced them with a new request hash that contains both ip and client. More importantly, request is now available on nearly every API call that is capable of generating an event. The request hash will be attached to each generated event. Example:

POST /v1/users/text@example.com/authenticate
{ "password" : "secret",
  "request" : {
    "ip" : "192.2.0.1",
    "client" : "Firefox/38.0"
  }
}

LoginRocket logout

Logout has been added to the LoginRocket API.

CORS for LoginRocket

The LoginRocket API now supports CORS in addition to JSONP. CORS support is considered beta.

X-Request-ID

All API calls now return an X-Request-ID header which is unique to each request. It will look something like this:

X-Request-ID: rq_0vdbINw16QhITBp4iBhgX4

If you have a question about a specific API call, sending the request ID will make it much easier for us to help you debug the issue.