search

Authentication

This section explains how to get an authentication token for the GIZO APIs depending on your use case.

hashtag
Method 1: Obtaining Authentication Token as a User from User's Phone Number

NOTE: Use the following endpoints only if you intend to store the personal information of your users on GIZO platform.

NOTE: It is recommended to use method 2 if you already have an authentication system for your app.

In this method, a token can be obtained to manage the user's information. This token is unique for each user, and, of course, can be used to manage the information of the user to whom the token belongs. To obtain a token follow the steps below:

  1. Request for a verification code using [POST] ​/api​/v1​/User​/checkIdentity endpoint:

post
/api/v1/User/checkIdentity
Authorizations
AuthorizationstringRequired

Provide a JWT Bearer

Body
usernamestring Β· min: 1Required
Responses
chevron-right
200

Success

application/json
booleanOptional
post
/api/v1/User/checkIdentity
200

Success

hashtag
Header Request Parameters

Authentication Bearer Token

hashtag
Request Body Parameters

username: this property represents the user's phone number. It is expected to be a string value, e.g. "+49_1747707607", where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

hashtag
Response

The endpoint sends a verification code to the user's phone via SMS.

NOTE: In case the entered username does not exit in our database, an account is created.

  1. Use the username and the received verification code (via SMS) to authenticate the user and obtain a token using [POST] ​/api​/v3​/User​/verify:

post
Authorizations
AuthorizationstringRequired

Provide a JWT Bearer

Body
usernamestring Β· min: 1Required
verifyCodestring Β· min: 1Required
Responses
chevron-right
200

Success

application/json
userNamestring Β· nullableOptional
firstNamestring Β· nullableOptional
lastNamestring Β· nullableOptional
emailstring Β· nullableOptional
phoneNumberstring Β· nullableOptional
profileImagePathstring Β· nullableOptional
birthDatestring Β· date-time Β· nullableOptionalExample: 2025-06-11
genderinteger Β· enumOptionalPossible values:
isInitializedbooleanOptional
tokenstring Β· nullableOptional
post
/api/v3/User/verify
200

Success

hashtag
Header Request Parameters

Authentication Bearer Token

hashtag
Request Body Parameters

username: this property represents the user's phone number. It is expected to be a string value, e.g. "+49_1747707607", where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

verifyCode: the 5-digit verification code received via SMS. e.g 12345.

hashtag
Response

The provided endpoint response contains several properties, including:

userName: this property represents the user's phone number. It is expected to be a string value, e.g. "+49_1747707607", where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

token: the token with which you can access the rest of the app API endpoints.

NOTE: the portal API endpoints cannot be accessed using this token.

firstName: this property represents the user's first name. It is expected to be a string value, e.g. β€œDavid”.

lastName: the lastName property represents the user's last name. It is also expected to be a string value, e.g. "Smith".

email: this property represents the user's email address. It is expected to be a string value, e.g. "[email protected]".

NOTE: email can be an empty text. If not, it must be sent in the proper format of email.

phoneNumber: the phoneNumber property represents the user's phone number. It is also expected to be a string value, e.g. "+49_1747707607", where the "+49" on the left side of the underscore represents the country code, and "1747707607" on the right side of the underscore is the number.

hashtag
Method 2: Obtaining Authentication Token as an Admin Using an Admin Token and a User ID

In this method, the admin token and user ID (obtained in the Authentication and User Management section - Android, iOS, React Native ) can be used to obtain a token for managing the user. This token is unique for each user, and, of course, can be used to manage the information of the user to whom the token belongs. To obtain a token follow the steps below:

  1. Get an admin token using your Client ID and Client Secret:

post
/api/v1/company/access-token
Authorizations
AuthorizationstringRequired

Provide a JWT Bearer

Body
clientIdstring Β· min: 1Required
clientSecretstring Β· min: 1Required
Responses
chevron-right
200

Success

application/json
tokenstring Β· nullableOptional
post
/api/v1/company/access-token
200

Success

hashtag
Header Request Parameters

Not Header Parameter required

hashtag
Request Body Parameters

clientId: the Client ID in auth.json.

clientSecret: the Client Secret in auth.json.

NOTE: If you do not have the auth.json fie, please contact our technical support.

hashtag
Response

token: the admin token with which you can obtain a user token as an admin.

  1. Use the obtained admin token and user ID created in the Authentication and User Management section (Android, iOS, React Native) to get a user token:

post
Authorizations
AuthorizationstringRequired

Provide a JWT Bearer

Body
userIdinteger Β· int64Required
Responses
chevron-right
200

Success

application/json
tokenstring Β· nullableOptional
post
/api/v2/User/client-token
200

Success

hashtag
Header Request Parameters

Admin Authentication Bearer Token

hashtag
Request Body Parameters

userId: the user ID for which you want to receive an authentication token.

hashtag
Response

token: the token with which you can access the rest of the app API endpoints.

PreviousAPI DocumentationNextUser

Last updated