This addon for Digits provides the functionality of login/signup using mobile phone numbers to your WordPress site using REST API.
Check our Postman API samples here: https://documenter.getpostman.com/view/37319001/2sA3kbhK2q
Authentication
The API is token-based, as it's more secure than the conventional method. Also, since it does not use credentials, you can restrict access at any time.
An access token is a token that can be used as a replacement for user credentials in further requests. To authenticate with an access token, the request needs to be sent with the header:
Authorization: Bearer access_token
Note: you will need to request a new access token if the user has changed their password.
Access Token Validity
If an access token is not used for more than 14 days, it will expire and you'll need to request the token again. You can change the expiry in the REST API addon settings. If the token has expired, you'll get the below error with a 401 HTTP error code
If authorization fails, it will return 401 HTTP code
If authentication is not working, you will need to add this to your .htaccess:
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
You will also need to add this to httpd.conf
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
NOTE: The request should be sent as POST Parameters in Body
If using Firebase Gateway
You'll also need to add Firebase's native libraries to your app to send the OTP, as the OTP is verified using tokens.
You can check whether your token is correct here: https://jwt.io/
For more information visit: https://firebase.google.com/docs/auth/admin/verify-id-tokens#retrieve_id_tokens_on_clients
Flow Chart
Registration
Endpoint: wp-json/digits/v1/create_user
Parameters
digits_reg_name | First Name |
digits_reg_countrycode | Country Code (with + symbol) |
digits_reg_mobile | Mobile Phone Number |
digits_reg_password | Password |
digits_reg_username | Username |
digits_reg_email | |
otp | One Time Passcode |
ftoken | Firebase ID Token if using Firebase Gateway |
code | AccountKit authorization code if using Account Kit Gateway |
digits_reg_{{meta_key}} | Digits Custom Field Meta (remove all special characters from the meta key, e.g. a-b_c becomes abc) |
Response
{"success":true,"data":{"user_id":"user_id","access_token":"Access Token","token_type":"bearer"}}
You can use this authentication token to authenticate user (See Authentication section for more details)
{"success":false,"data":{"code":"-1","msg":"Error Message"}}
Login
Endpoint: wp-json/digits/v1/login_user
Parameters
user | User’s Phone Number / Email / Username (not needed with Account Kit) |
countrycode | Country code of Phone (with + symbol) (only needed if value of “user” is phone number) |
password | User’s Password (not required if using OTP) |
otp | One Time Passcode |
ftoken | Firebase ID Token if using Firebase Gateway |
code | AccountKit authorization code if using Account Kit Gateway |
Response
{"success":true,"data":{"user_id":"user_id","access_token":"Access Token","token_type":"bearer"}}
You can use this authentication token to authenticate user (See Authentication section for more details)
{"success":false,"data":{"code":"-1","msg":"Error Message"}}
Forgot Password
Endpoint: wp-json/digits/v1/recovery
This can be used to reset the password using either email or mobile phone number. If an email is used in the "user" parameter, an email with a link will be sent to the user for the password change.
If a phone number is used in the "user" parameter, an OTP is required to proceed with the password change request.
Parameters
user | User’s Phone Number / Email / Username |
countrycode | Country code of Phone (with + symbol) (only needed if value of “user” is phone number) |
otp | One Time Passcode (only needed if value of “user” is phone number) |
ftoken | Firebase ID Token if using Firebase Gateway (only needed if value of “user” is phone number) |
code | AccountKit authorization code if using Account Kit (only needed if value of “user” is phone number) |
password | User’s New Password (only needed if value of “user” is phone number) |
Response
{"success":true,"data":{"user_id":"user_id","access_token":"Access Token","token_type":"bearer"}}
You can use this authentication token to authenticate user (See Authentication section for more details)
{"success":false,"data":{"code":"-1","msg":"Error Message"}}
Logout
Endpoint: wp-json/digits/v1/logout
This request should be sent with Access Token to expire the Access Token. (Read Authentication section for more about Access Token)
Response
{"success":true}
{"success":false}
Update Mobile Phone Number
Endpoint: wp-json/digits/v1/update_phone
This request should be sent with Access Token. (Read Authentication section for more about Access Token)
Parameters (All Required)
countrycode | User’s Phone number country code (with + symbol) |
mobileNo | User’s New Phone number |
1 (only if whatsapp is being used) | |
otp | One Time Passcode (for verify_otp)(only if value of user is phone number) |
ftoken | Firebase ID Token (for verify_otp)(only needed if value of “user” is phone number, for Firebase) |
Response
{"success":true}
{"success":false,"data":{"msg":"Error Message"}}
OTP
Send OTP & Resend OTP
Send OTP endpoint: wp-json/digits/v1/send_otp
Resend OTP endpoint: wp-json/digits/v1/resend_otp
Parameters
countrycode | User’s Phone number country code (with + symbol) |
mobileNo | User’s Phone number |
type | login (if the action is login); register (if the action is registration); resetpass (if the action is reset password); update (if the action is update phone) |
1 (only if whatsapp is being used) | |
username (optional) | (for send_otp and type = register) if you want to validate and check if user exists with username before sending OTP |
email (optional) | (for send_otp and type = register) if you want to validate and check if user exists with email before sending OTP |
Verify OTP
Verify OTP endpoint: wp-json/digits/v1/verify_otp
Parameters (All Required)
countrycode | User’s Phone number country code (with + symbol) |
mobileNo | User’s Phone number |
type | login (if the action is login); register (if the action is registration); resetpass (if the action is reset password); update (if the action is update phone) |
1 (only if whatsapp is being used) | |
otp | One Time Passcode (only if value of user is phone number) |
ftoken | Firebase ID Token (only needed if value of “user” is phone number, for Firebase) |
Response
{"accountkit":0,"firebase":0,"code":"1"}
If accountkit is 1, then you need to use account kit for verification
If firebase is 1, then you need to use firebase for verification
If code is 1, then it’s a success
{"code":"-11","message":"Error Message"}
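The OTP login flow documented above (send_otp with type login, login_user with the OTP, the Bearer header on later requests, 401 on an expired token, logout), as an added client sketch that is not code from the Digits project. DigitsSession, http_post and the method names are hypothetical; it assumes send_otp answers with the "code" field shown in the response above and that the transport is injectable so the flow can be exercised offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "wp-json/digits/v1/"  # endpoint prefix documented on this page

def http_post(url, params, headers):  # default transport: form-encoded POST body
    req = urllib.request.Request(url, urllib.parse.urlencode(params).encode(), headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

class DigitsSession:
    def __init__(self, site_url, post=http_post):
        self.base = site_url.rstrip("/") + "/" + API
        self.post = post    # injectable transport (assumption of this example)
        self.token = None   # held in memory only; never log or persist in plain text

    def send_login_otp(self, countrycode, mobile):
        params = {"countrycode": countrycode, "mobileNo": mobile, "type": "login"}
        _, body = self.post(self.base + "send_otp", params, {})
        return str(body.get("code")) == "1"  # assumption: same shape as shown above

    def login_with_otp(self, countrycode, mobile, otp):
        params = {"user": mobile, "countrycode": countrycode, "otp": otp}
        _, body = self.post(self.base + "login_user", params, {})
        if body.get("success") is not True:
            raise PermissionError((body.get("data") or {}).get("msg", "login failed"))
        self.token = body["data"]["access_token"]

    def call(self, endpoint, params=None):
        """Authenticated request; a 401 means the token expired or was revoked."""
        if not self.token:
            raise PermissionError("not logged in")
        headers = {"Authorization": "Bearer " + self.token}
        status, body = self.post(self.base + endpoint, params or {}, headers)
        if status == 401:
            self.token = None  # drop the dead token so the caller re-authenticates
            raise PermissionError("access token rejected (401)")
        return body

    def logout(self):
        try:
            return self.call("logout").get("success") is True
        finally:
            self.token = None  # forget the token even if the request failed
```

On a 401 the session forgets its token, so the caller has to run the OTP login again instead of retrying with a token the server no longer accepts.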
One Click Login/Signup
Endpoint: wp-json/digits/v1/one_click
This requires One Click Login/Signup Addon to work
Also, if you are using Firebase, you first need to get the ftoken using Firebase's SDK. If you are using any other gateway, you first need to call wp-json/digits/v1/send_otp with the type set to login.
Parameters
mobileNo | User’s Phone number |
countrycode | Country code of Phone (with + symbol) |
otp | One Time Passcode |
ftoken | Firebase ID Token if using Firebase Gateway |
code | AccountKit authorization code if using Account Kit Gateway |
Response
{"success":true,"data":{"user_id":"user_id","access_token":"Access Token","token_type":"bearer"}}
You can use this authentication token to authenticate user (See Authentication section for more details)
{"success":false,"data":{"code":"-1","msg":"Error Message"}}
PHP Endpoints
Get User Access Token
digits_get_user_access_tokens($user_id);
Returns an array of std objects with the following fields:
id | Token ID |
user_id | WordPress User ID |
access_token | Access Token |
ip | IP address from which token was created |
last_time | Last time the token was used for authorizing the user |
create_time | Time of token creation |
Get User from Access Token
You can even use this to verify token.
Returns: WP_User object on success, false on failure.
digits_get_user_from_access_token($auth_token)
Delete User Token
Returns: number of tokens affected on success, false on failure.
digits_delete_access_token($auth_token)
Delete All User Tokens
Returns: number of tokens affected on success, false on failure.
digits_delete_user_access_tokens($user_id)
Miscellaneous
Add Custom Data in response
Add the below code to your child theme
add_filter('digits_rest_token_data', 'digits_rest_add_user_id', 10, 2);
function digits_rest_add_user_id($data, $user_id){
    $data['your_key'] = get_user_meta($user_id, 'meta_key');
    return $data;
}
Change or Modify Token
If you want to use any third party bearer token or you want to modify access token you can use the following code
add_filter('digits_rest_token', 'digits_change_token', 10, 2);
function digits_change_token($access_token, $user_id){
    // your code to modify token
    return $access_token;
}