# Authentication

This section explains how to get an authentication token for the GIZO APIs depending on your use case.

## Method 1: Obtaining Authentication Token as a User from User's Phone Number

<mark style="color:red;">**NOTE: Use the following endpoints only if you intend to store the personal information of your users on GIZO platform.**</mark>

<mark style="color:red;">**NOTE: It is recommended to use method 2 if you already have an authentication system for your app.**</mark>

In this method, a token can be obtained to manage the user's information. This token is unique for each user, and, of course, can be used to manage the information of the user to whom the token belongs. To obtain a token follow the steps below:

1. Request for a verification code using `[POST] ​/api​/v1​/User​/checkIdentity` endpoint:

## POST /api/v1/User/checkIdentity

>

```json
{"openapi":"3.0.1","info":{"title":"Gizo API v1","version":"1.0"},"servers":[{"url":"https://api.artificient.de"},{"url":"https://api.gizo.pod.artificient.de"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"Provide a JWT Bearer","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"Gizo.Api.Contracts.Users.V1.Requests.CheckIdentityRequest":{"required":["username"],"type":"object","properties":{"username":{"minLength":1,"type":"string"}},"additionalProperties":false}}},"paths":{"/api/v1/User/checkIdentity":{"post":{"tags":["User"],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CheckIdentityRequest"}},"text/json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CheckIdentityRequest"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CheckIdentityRequest"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"type":"boolean"}}}}}}}}}
```

#### Header Request Parameters

Authentication Bearer Token

#### Request Body Parameters

**username:** this property represents the user's phone number. It is expected to be a string value, e.g. **"+49\_1747707607",** where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number. &#x20;

#### **Response**

The endpoint sends a verification code to the user's phone via SMS.&#x20;

<mark style="color:red;">**NOTE: In case the entered username does not exit in our database, an account is created.**</mark>&#x20;

2. Use the **username** and the **received verification code (via SMS)** to authenticate the user and obtain a token using `[POST] ​/api​/v3​/User​/verify`:

## POST /api/v3/User/verify

>

```json
{"openapi":"3.0.1","info":{"title":"Gizo","version":"3.0"},"servers":[{"url":"https://api.artificient.de"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"Provide a JWT Bearer","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"VerifyIdentityRequest":{"required":["username","verifyCode"],"type":"object","properties":{"username":{"minLength":1,"type":"string"},"verifyCode":{"minLength":1,"type":"string"}},"additionalProperties":false},"UserVerifyResponse":{"type":"object","properties":{"userName":{"type":"string","nullable":true},"firstName":{"type":"string","nullable":true},"lastName":{"type":"string","nullable":true},"email":{"type":"string","nullable":true},"phoneNumber":{"type":"string","nullable":true},"profileImagePath":{"type":"string","nullable":true},"birthDate":{"type":"string","format":"date-time","nullable":true},"gender":{"$ref":"#/components/schemas/Gender"},"isInitialized":{"type":"boolean"},"token":{"type":"string","nullable":true}},"additionalProperties":false},"Gender":{"enum":[0,1,2],"type":"integer","format":"int32"}}},"paths":{"/api/v3/User/verify":{"post":{"tags":["User"],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerifyIdentityRequest"}},"text/json":{"schema":{"$ref":"#/components/schemas/VerifyIdentityRequest"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/VerifyIdentityRequest"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserVerifyResponse"}}}}}}}}}
```

#### Header Request Parameters

Authentication Bearer Token

#### Request Body Parameters

**username:** this property represents the user's phone number. It is expected to be a string value, e.g. **"+49\_1747707607",** where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

**verifyCode:** the 5-digit verification code received via SMS. e.g **12345**.

#### **Response**

The provided endpoint response contains several properties, including:&#x20;

**userName:** this property represents the user's phone number. It is expected to be a string value, e.g. **"+49\_1747707607**"**,** where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

**token:** the token with which you can access the rest of the **app API endpoints**.

**NOTE:** the portal API endpoints cannot be accessed using this token.

**firstName:** this property represents the user's first name. It is expected to be a string value, e.g. **“David”**.

**lastName:** the lastName property represents the user's last name. It is also expected to be a string value, e.g. **"Smith"**.

**email:** this property represents the user's email address. It is expected to be a string value, e.g. **"<david.smith@gmail.com>"**.

**NOTE:** email can be an empty text. If not, it must be sent in the proper format of email.

**phoneNumber:** the phoneNumber property represents the user's phone number. It is also expected to be a string value, e.g. **"+49\_1747707607",** where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

## Method 2: Obtaining Authentication Token as an Admin Using an Admin Token and a User ID&#x20;

In this method, the admin token and user ID (obtained in the Authentication and User Management section - [Android](/usage/android/authentication-and-user-management.md), [iOS](/usage/ios/authentication-and-user-management.md), [React Native](/usage/react-native/authentication-and-user-management.md) ) can be used to obtain a token for managing the user. This token is unique for each user, and, of course, can be used to manage the information of the user to whom the token belongs. To obtain a token follow the steps below:

1. Get an admin token using your Client ID and Client Secret:

## POST /api/v1/company/access-token

>

```json
{"openapi":"3.0.1","info":{"title":"Gizo API v1","version":"1.0"},"servers":[{"url":"https://api.artificient.de"},{"url":"https://api.gizo.pod.artificient.de"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"Provide a JWT Bearer","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"Gizo.Api.Contracts.Users.V1.Requests.CompanyLoginRequest":{"required":["clientId","clientSecret"],"type":"object","properties":{"clientId":{"minLength":1,"type":"string"},"clientSecret":{"minLength":1,"type":"string"}},"additionalProperties":false},"Gizo.Application.Users.V1.Dtos.LoginResponse":{"type":"object","properties":{"token":{"type":"string","nullable":true}},"additionalProperties":false}}},"paths":{"/api/v1/company/access-token":{"post":{"tags":["Company"],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CompanyLoginRequest"}},"text/json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CompanyLoginRequest"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/Gizo.Api.Contracts.Users.V1.Requests.CompanyLoginRequest"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Gizo.Application.Users.V1.Dtos.LoginResponse"}}}}}}}}}
```

#### Header Request Parameters

Not Header Parameter required

#### Request Body Parameters

**clientId:** the Client ID in `auth.json`.

**clientSecret:** the Client Secret in `auth.json`.

NOTE: If you do not have the auth.json fie, please [contact](/contact.md) our technical support.

#### **Response**

**token:** the admin token with which you can obtain a user token as an admin.

2. Use the obtained admin token and user ID created in the Authentication and User Management section ([Android](/usage/android/authentication-and-user-management.md), [iOS](/usage/ios/authentication-and-user-management.md), [React Native](/usage/react-native/authentication-and-user-management.md)) to get a user token:

## POST /api/v2/User/client-token

>

```json
{"openapi":"3.0.1","info":{"title":"Gizo","version":"2.0"},"servers":[{"url":"https://api.artificient.de"}],"security":[{"Bearer":[]}],"components":{"securitySchemes":{"Bearer":{"type":"http","description":"Provide a JWT Bearer","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"CreateUserRequest":{"required":["userId"],"type":"object","properties":{"userId":{"type":"integer","format":"int64"}},"additionalProperties":false},"LoginResponse":{"type":"object","properties":{"token":{"type":"string","nullable":true}},"additionalProperties":false}}},"paths":{"/api/v2/User/client-token":{"post":{"tags":["User"],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CreateUserRequest"}},"text/json":{"schema":{"$ref":"#/components/schemas/CreateUserRequest"}},"application/*+json":{"schema":{"$ref":"#/components/schemas/CreateUserRequest"}}}},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LoginResponse"}}}}}}}}}
```

#### Header Request Parameters

<mark style="color:red;">Admin</mark> Authentication Bearer Token

#### Request Body Parameters

**userId:** the user ID for which you want to receive an authentication token.

#### **Response**

**token:** the token with which you can access the rest of the **app API endpoints**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.artificient.de/api-documentation/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.