Authentication

The vast majority of Appmixer API endpoints require an access token. The following sections explain how to create a user and obtain an access token through the sign-in endpoint.

Sign-in User

POST https://api.YOUR_TENANT.appmixer.cloud/user/auth

Sign in a user with credentials and get their access token.

curl -XPOST "https://api.appmixer.com/user/auth" -H "Content-type: application/json" -d '{ "username": "[email protected]", "password": "abc321" }'

You can sign in either with your username and password or with your email and password.

Request Body

| Name | Type | Description |
| --- | --- | --- |
| password* | string | Password. |
| username | string | Username. If the email is not provided in the body, a username is required. Hence, a username or email must be included. |
| email | string | Email. If the username is not provided in the body, an email is required. Hence, a username or email must be included. |

{
    "user": {
        "id": "5c88c7cc04a917256c726c3d",
        "username": "[email protected]",
        "isActive": false,
        "email": "[email protected]",
        "plan": "free"
    },
    "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjODhjN2NjMDRhOTE3MjU2YzcyNmMzZCIsInNjb3BlIjpbInVzZXIiXSwiaWF0IjoxNTUyNDkyNjA5LCJleHAiOjE1NTUwODQ2MDl9.9jVcqY0qo9Q_1GeK9Fg14v7OrdpWvzmqnv4jDMZfqnI"
}

Create User

POST https://api.YOUR_TENANT.appmixer.cloud/user

Create user. By default, this endpoint is open (does not require authentication). This can be changed by setting the API_USER_CREATE_SCOPE system configuration. If you set the value of API_USER_CREATE_SCOPE to, for example, admin, then an admin token will be required to call this API.

curl -XPOST "https://api.appmixer.com/user" -H "Content-type: application/json" -d '{ "username": "[email protected]", "email": "[email protected]", "password": "abc321" }'

Request Body

| Name | Type | Description |
| --- | --- | --- |
| password* | string | Password. |
| email* | string | Email address. |
| username* | string | Username. |

Rate Limiting

To protect against abuse, this endpoint implements rate limiting for unauthenticated signup requests (public user registration). Rate limiting applies two layers of protection:

  1. Email-based rate limiting: Limits signup attempts per email address

  2. IP-based rate limiting: Limits signup attempts per IP address

Rate limiting only applies to unauthenticated signups. When an authenticated admin creates a user via the API, rate limiting is bypassed.

Configuration

Rate limits can be configured using environment variables:

Email-based limits:

  • USER_SIGNUP_RATE_LIMIT_EMAIL - Maximum signups per email (default: 10)

  • USER_SIGNUP_RATE_LIMIT_EMAIL_WINDOW_MS - Time window in milliseconds (default: 3600000 = 1 hour)

IP-based limits:

  • USER_SIGNUP_RATE_LIMIT_IP - Maximum signups per IP address (default: 50)

  • USER_SIGNUP_RATE_LIMIT_IP_WINDOW_MS - Time window in milliseconds (default: 3600000 = 1 hour)

See User Signup Rate Limiting in the configuration guide for more details.

Error Handling

When a rate limit is exceeded, the API returns:

  • HTTP Status: 429 Too Many Requests

  • Error Message: Descriptive message indicating which limit was exceeded

Example responses:

  • Email limit: "Too many signup attempts for this email address. Please try again later."

  • IP limit: "Too many signup attempts from your IP address. Please try again later."
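The following is an added example, not Appmixer's code: a small model of the two rate-limiting layers described above, useful for reasoning about which limit trips first when tuning the variables. The sliding-window algorithm, the check order (email before IP), counting only accepted attempts, and the names SignupLimiter, check, is_admin and first_rejection are assumptions; the variable names, defaults and messages are the documented ones.

```python
import os
from collections import defaultdict, deque

# 429 messages quoted from the page.
MESSAGES = {
    "email": "Too many signup attempts for this email address. Please try again later.",
    "ip": "Too many signup attempts from your IP address. Please try again later.",
}

class SignupLimiter:
    """Model of the two documented layers. Assumed: sliding-window log,
    email checked before IP, only accepted attempts are counted."""

    def __init__(self, env=os.environ):
        # Variable names and defaults are the documented ones.
        self.limits = {
            "email": (int(env.get("USER_SIGNUP_RATE_LIMIT_EMAIL", 10)),
                      int(env.get("USER_SIGNUP_RATE_LIMIT_EMAIL_WINDOW_MS", 3600000))),
            "ip": (int(env.get("USER_SIGNUP_RATE_LIMIT_IP", 50)),
                   int(env.get("USER_SIGNUP_RATE_LIMIT_IP_WINDOW_MS", 3600000))),
        }
        self.hits = {"email": defaultdict(deque), "ip": defaultdict(deque)}

    def check(self, email, ip, now_ms, is_admin=False):
        """Return None if the signup may proceed, else (429, message)."""
        if is_admin:  # authenticated admin call: rate limiting is bypassed
            return None
        keys = {"email": email, "ip": ip}
        for layer in ("email", "ip"):
            limit, window = self.limits[layer]
            log = self.hits[layer][keys[layer]]
            while log and log[0] <= now_ms - window:  # drop expired entries
                log.popleft()
            if len(log) >= limit:
                return 429, MESSAGES[layer]
        for layer in ("email", "ip"):
            self.hits[layer][keys[layer]].append(now_ms)
        return None

def first_rejection(limiter, attempts):
    """Replay (email, ip, now_ms) tuples; return (index, message) of first 429."""
    for i, (email, ip, now_ms) in enumerate(attempts):
        result = limiter.check(email, ip, now_ms)
        if result:
            return i, result[1]
    return None

if __name__ == "__main__":
    # Constructed traffic: one address (documentation range) registering distinct emails.
    shared_ip = [(f"user{i}@example.test", "203.0.113.7", i * 1000) for i in range(60)]
    print(first_rejection(SignupLimiter(env={}), shared_ip))
```

Because the IP layer counts per address, signups that arrive through a shared NAT draw on the same budget of 50 per window, which is worth keeping in mind when lowering USER_SIGNUP_RATE_LIMIT_IP.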

Get User Information

GET https://api.YOUR_TENANT.appmixer.cloud/user

Get user information.

curl "https://api.appmixer.com/user" -H "Authorization: Bearer [ACCESS_TOKEN]"
