user HTTP API

Michael Arthur edited this page May 13, 2024 · 4 revisions

The user REST API provides access to login, register, etc.

Some of these endpoints require authentication via the header Authorization: Bearer <access-token>. The access token can be retrieved using the login endpoint.

The base path for all endpoints is https://domestic.mammotion.com/user-server/v1/.

The body for POST/PUT requests is JSON unless otherwise specified.

Most of this information is extracted from the com.agilexrobotics.api package of the APK.

Endpoints

POST /user/oauth/token (login)

Query parameters: username=<email>&password=<password>&client_id=MADKALUBAS&client_secret=GshzGRZJjuMUgd2sYHM7&grant_type=password

Within the app, each parameter (including <email> and <password>) is encrypted using AES, using the encrypt function and a fixed AES_PASW and IV which are generated from a random string. (This is taken from the app.)

Plain text works perfectly fine as well.

e.g. encrypt(str, "OF61W0RAZN07BIW8", "9432132788568733");

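// encrypt function (signature reconstructed from the call above: str = plaintext, str2 = AES key, str3 = IV)
import android.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public static String encrypt(String str, String str2, String str3) throws Exception {
    SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes(), BreezeCipher.ALGORITHM_AES);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, new IvParameterSpec(str3.getBytes())); // was the literal 1
    return Base64.encodeToString(cipher.doFinal(str.getBytes()), Base64.NO_WRAP); // was the literal 2
}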
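
Because the key and IV are constants shipped inside the app, this encryption hides nothing from anyone who has the APK. The following is an added example (not code from the app or from this wiki) that uses the key and IV quoted above to show that the output is deterministic, exposes shared prefixes and is reversible. It assumes BreezeCipher.ALGORITHM_AES is "AES", substitutes java.util.Base64 for Android's Base64, and uses constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class FixedKeyIvDemo {
    // Key and IV exactly as quoted in the encrypt(...) call on this page.
    static final byte[] KEY = "OF61W0RAZN07BIW8".getBytes(StandardCharsets.US_ASCII);
    static final byte[] IV = "9432132788568733".getBytes(StandardCharsets.US_ASCII);

    // Assumption: BreezeCipher.ALGORITHM_AES is the string "AES".
    static byte[] run(int mode, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
        return c.doFinal(in);
    }

    static String encrypt(String plain) throws Exception {
        byte[] ct = run(Cipher.ENCRYPT_MODE, plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct); // unwrapped, like Android's NO_WRAP
    }

    static String decrypt(String b64) throws Exception {
        byte[] pt = run(Cipher.DECRYPT_MODE, Base64.getDecoder().decode(b64));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials.
        String p1 = "CorrectHorse-Battery-1";
        String p2 = "CorrectHorse-Battery-2";

        // 1. Deterministic: the same input always yields the same parameter value.
        System.out.println("deterministic: " + encrypt(p1).equals(encrypt(p1)));

        // 2. Inputs sharing their first 16 bytes share the first ciphertext block.
        byte[] c1 = Base64.getDecoder().decode(encrypt(p1));
        byte[] c2 = Base64.getDecoder().decode(encrypt(p2));
        System.out.println("shared first block: "
                + Arrays.equals(Arrays.copyOf(c1, 16), Arrays.copyOf(c2, 16)));

        // 3. Reversible with constants that every copy of the app contains.
        System.out.println("round trip: " + decrypt(encrypt(p1)).equals(p1));
    }
}
```

Treat these parameter values as plaintext-equivalent wherever they are logged or captured; confidentiality in transit comes only from HTTPS.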

Response body (if successful):

{
    "code": 0,
    "data": {
        "access_token": "<access_token>",
        "token_type": "bearer",
        "refresh_token": "<refresh_token>",
        "expires_in": 1295999,
        "scope": "read",
        "grant_type": "password",
        "authorization_code": "<authorization_code>",
        "userInformation": {
            "areaCode": "SWE",
            "domainAbbreviation": "SE",
            "email": "<email>",
            "gender": "0",
            "userId": "<userId>"
        },
        "jti": "<jti>"
    },
    "msg": "Request success"
}

POST /email/register/code (request registration code)

Query parameters: email=<email> (where <email> is the user's email in plain text)

Response body:

{
    "code": 0,
    "data": true,
    "msg": "Request success"
}

As a side effect, an email with a code will be sent to the specified address.

GET /area (retrieve available areas)

Response body:

{
    "code": 0,
    "data": [
        {
            "areaCnName": "美国",
            "areaEnName": "United States of America",
            "code": "1",
            "domainAbbreviation": "US",
            "id": "1524591956582207515",
            "isoCode": "USA",
            "pinyin": "MeiGuo"
        },
        ...and many more...
    ],
    "msg": "Request success"
}

POST /email/register (register account)

Body:

{
    "areaCode": "<areaCode>",
    "email": "<email>",
    "fullName": "<name>",
    "password": "<password>",
    "verificationCode": <verification_code>
}

(where <email>, <name> and <password> are in plain text as specified by the user, <verification_code> is the code sent by email using the request registration code endpoint, and <areaCode> is a code from the isoCode property returned by the GET /area endpoint)

Response body (on success):

{
    "code": 0,
    "data": {
        "areaCode": "<areaCode>",
        "createTime": "<createTime>",
        "domainAbbreviation": "SE",
        "email": "<email>",
        "id": "<id?>",
        "registerTime": "<registerTime>",
        "userId": "<userId>"
    },
    "msg": "Request success"
}

Response body (invalid area code):

{
    "code": 500,
    "msg": "Area information does not exist."
}

Response body (invalid password format):

{
    "code": 40302,
    "msg": "The password needs 8-16 digits, including at least any two types of letters, numbers and special characters."
}

Response body (invalid verification code):

{
    "code": 40200,
    "msg": "The verification code is invalid or expired, please reacquire"
}

POST /user/oauth/check

Requires authentication.

Response body (if logged in):

{
    "code": 0,
    "data": true,
    "msg": "Request success"
}

? /monofile/upload

? /multifile/upload
