1. Guides
  2. /
  3. Authenticate the user
  4. /
  5. Use scan code login authentication
  6. /
  7. Use self-built App to scan the code to log in to the website
  8. /
  9. Complete interface list

APP Full Interface List For APP QR Code Login

Update Time: 2025-02-18 09:00:47
Edit

Authing provides a REST-based QR code login interface, which developers can call directly.

Generate QR code

POST
https://core.authing.cn/api/v2/qrcode/gene

The interface will return the QR code ID (random) and the QR code link.

Headers
x-authing-userpool-id
REQUIRED
string

User pool ID

Body Paramter
customeData
OPTIONAL
string

The custom data field will be written into the original data of the QR code.

scene
REQUIRED
string

Scene value. A constant, fill in APP_AUTH.

200: OK

Field definition:

-- random: The only sign of the QR code, which will be used to query the status of the QR code and the user confirmation authorization interface.

  • url: QR code image address.
  • expiresIn: The valid time of the QR code.
{
  "code": 200,
  "data": {
    "random": "SzZrszCJNCFfVBDUCKLDtAYNBR96SK",
    "expiresIn": 120,
    "url": "https://files.authing.co/user-contentsqrcode/5fae2648201cfd526f0ec354/SzZrszCJNCFfVBDUCKLDtAYNBR96SK.png"
  }
}

Example of generated QR code:

Use the online QR code decoding tool (opens new window) to view the QR code data as follows:

{
  "scene": "APP_AUTH",
  "random": "SzZrszCJNCFfVBDUCKLDtAYNBR96SK",
  "userPoolId": "5fae2648201cfd526f0ec354",
  "createdAt": "2020-11-13T06:23:25.396Z",
  "expiresIn": 120,
  "customData": {}
}

Query the status of the QR code

GET
https://core.authing.cn/api/v2/qrcode/check
Query Parameters
random
REQUIRED
string

QR code ID

200: OK
{
  "code": 200,
  "message": "Query the QR code status successfully!",
  "data": {
    "random": "SzZrszCJNCFfVBDUCKLDtAYNBR96SK",
    "userInfo": {},
    "status": 0,
    "ticket": null,
    "scannedUserId": null
  }
}

Request result field description:

  • status
    • 0: The code is not scanned.
    • 1: The QR code has been scanned but the user has not clicked to agree to authorize or cancel authorization. At this time, the user's avatar and nickname will be returned, but it does not contain other confidential information, which can be used for front-end avatar display.
    • 2: User agrees to authorization
    • 3: User cancels authorization
    • -1: Expired
  • userInfo:
    • By default, after the user scans the code, it will contain two fields: nickname and photo
    • Developers can also configure to return complete user information (including login credentials token)
  • ticket: used in getting complete user information. **This field will only appear after the user agrees to the authorization. **See below for details.

To get user information by ticket

POST
https://core.authing.cn/api/v2/qrcode/userinfo
Body Paramter
ticket
REQUIRED
string

Query the ticket returned by the QR code status interface

200: OK
{
  "code": 200,
  "message": "换取用户信息成功",
  "data": {
    "id": "5e05bbf2d51b3761d5c71070",
    "email": "983132@qq.com",
    "emailVerified": false,
    "oauth": "",
    "username": "983132@qq.com",
    "nickname": "",
    "company": "",
    "photo": "https://usercontents.authing.co/authing-avatar.png",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7ImVtYWlsIjoiOTgzMTMyQHFxLmNvbSIsImlxxxxxxxxx",
    "phone": "",
    "tokenExpiredAt": "2020-01-11T08:08:18.000Z",
    "loginsCount": 1,
    "lastIp": "::1",
    "signedUp": "2019-12-27T08:08:18.115Z",
    "blocked": false,
    "isDeleted": false
  }
}

Attention: By default, this interface is only allowed to be called on the server side,which needs to be initialized with the user pool key.

The default validity time of the ticket is 300 s.

Developers can modify in the Authing console (opens new window) basic configuration -> basic settings -> app QR code scanning login Web custom configuration. See the custom configuration item page for details.

Mark the code scanned on APP

POST
https://core.authing.cn/api/v2/qrcode/scanned

APP 端标记已扫码,标记扫码之后 Web 端将可以获取到当前用户的昵称和头像。

Headers
x-authing-userpool-id
REQUIRED
string

User pool ID

Authorization
REQUIRED
string

User login credentials

Body Paramter
random
REQUIRED
string

QR code ID

200: OK
{
    code: 200,
    message: "QR code scanning confirmed successfully",
    data: {
        random: "", // Return as it was before
        status: 0,
        description: "xxxx",
    }
}

The APP needs to meet two conditions:

  1. User must be logged in
  2. The user's user pool ID matches the QR code user pool ID.

Agrees to authorization on APP

POST
https://core.authing.cn/api/v2/qrcode/confirm

The APP agrees to the authorization, and the scanned interface needs to be called before calling this interface.

Headers
x-authing-userpool-id
REQUIRED
string

User pool ID

Authorization
REQUIRED
string

User login credentials

Body Paramter
random
REQUIRED
string

QR code ID

200: OK
{
    code: 200,
    message: "Authorized login succeeded",
    data: {
        random: "", // Return as it was before
        status: 1,
        description: "xxxx",
    }
}

The APP needs to meet two conditions:

  1. User must be logged in
  2. The user's user pool ID matches the QR code user pool ID.

Cancel authorization on APP

POST
https://core.authing.cn/api/v2/qrcode/cancel

To cancel authorization on the APP, you need to call the scanned interface before calling this interface.

Headers
x-authing-userpool-id
REQUIRED
string

User pool ID

Authorization
REQUIRED
string

User login credentials

Body Paramter
random
REQUIRED
string

QR code ID

200: OK
{
    code: 200,
    message: "Cancel authorization successfully",
    data: {
        random: "", // Return as it was before
        status: -1,
        description: "xxxx",
    }
}

The APP needs to meet two conditions:

  1. User must be logged in
  2. The user's user pool ID matches the QR code user pool ID.