Basic

The simplest way to authenticate with the AcceleratXR backend is using Basic authentication via the /auth/password REST API endpoint or via one of the Login() functions in CoreSDK. This endpoint supports authentication using an account’s stored password, api key or device.

The below example shows how to authenticate using this method using a user’s unique name and password.

CoreSDK->LoginPassword(_XPLATSTR("username"), _XPLATSTR("password")).then([](pplx::task<void> task)
{
    try
    {
        // Force the exception to be re-thrown if an error occurred.
        task.get();
    }
    catch (const axr::sdk::Exception& e)
    {
        // Handle error here
    }
});

A successful authentication request will return a valid access token and cookie, or return without an error when using the SDK. Access tokens are typically valid for one hour before they must be refreshed.

Multi-factor Challenge

For users that have enabled multi-factor authentication on their account they may be prompted to enter a time-based one-time password (TOTP) code to retrieve the final access token. The system notifies the user of this requirement by returning a CHALLENGE token after the initial request succeeds. The user then must follow up the initial request with a call to the /auth/totp endpoint or by using the CoreSDK.LoginTotp() function in the SDK.

When calling the the TOTP endpoint the challenge token must be provided in addition to the TOTP code as generated by the user’s registered authenticator app or device.

CoreSDK->SetTotpChallengeCallback(CoreSDK->CreateTask([]()
{
    utility::string_t code;
    // TODO Prompt user to enter TOTP code
    return code;
}));
CoreSDK->LoginPassword(_XPLATSTR("username"), _XPLATSTR("password")).then([](pplx::task<void> task)
{
    try
    {
        // Force the exception to be re-thrown if an error occurred.
        task.get();
    }
    catch (const axr::sdk::Exception& e)
    {
        // Handle error here
    }
});