Authentication flows for EU and INTL regions.
← Back to API Reference · Common Patterns
Multi-step OAuth flow via Gigya identity provider.
┌─────────────┐ ┌──────────────────┐ ┌───────────────────────┐ ┌────────────────────┐
│ Step 1 │ │ Step 2 │ │ Step 3 │ │ Step 4 │
│ Login │ ──► │ Get JWT │ ──► │ Exchange Token │ ──► │ Session Exchange │
│ auth.smart │ │ auth.smart │ │ awsapi.future.smart │ │ api.ecloudeu │
└─────────────┘ └──────────────────┘ └───────────────────────┘ └────────────────────┘
POST https://auth.smart.com/accounts.login
Content-Type: application/x-www-form-urlencodedRequest (form-encoded):
| Parameter | Value |
|---|---|
loginID |
User email |
password |
User password |
apiKey |
Gigya API key |
targetEnv |
jssdk |
include |
profile,data,emails |
includeUserInfo |
true |
Response:
{
"UID": "abc123...",
"UIDSignature": "...",
"signatureTimestamp": "1706028240"
}POST https://auth.smart.com/accounts.getJWT
Content-Type: application/x-www-form-urlencodedRequest (form-encoded):
| Parameter | Value |
|---|---|
UID |
From step 1 |
UIDSignature |
From step 1 |
signatureTimestamp |
From step 1 |
apiKey |
Gigya API key |
Response:
{
"id_token": "eyJ..."
}POST https://awsapi.future.smart.com/.../oauth/token
Content-Type: application/jsonRequest:
{
"grant_type": "authorization_code",
"code": "{id_token from step 2}"
}Response:
{
"access_token": "...",
"refresh_token": "..."
}POST https://api.ecloudeu.com/auth/account/session/secure?identity_type=smart
Content-Type: application/jsonRequest:
{
"accessToken": "{access_token from step 3}"
}Response:
{
"code": 1000,
"data": {
"accessToken": "api_access_token_here",
"refreshToken": "api_refresh_token_here",
"userId": "12345"
}
}Result: api_access_token, api_refresh_token, and userId are stored in the Account model for all subsequent requests.
Simplified direct login flow for international regions (Israel, APAC, etc.).
┌─────────────────────┐ ┌─────────────────────┐ ┌─────────────────────┐
│ Step 1 │ │ Step 2 │ │ Step 3 │
│ Login │ ──► │ Authorize │ ──► │ Session Exchange │
│ sg-app-api.smart │ │ sg-app-api.smart │ │ apiv2.ecloudeu │
└─────────────────────┘ └─────────────────────┘ └─────────────────────┘
POST https://sg-app-api.smart.com/iam/service/api/v1/login
Content-Type: application/json
X-Ca-Key: 204587190
X-App-Id: SmartAPPGlobalRequest:
{
"email": "user@example.com",
"password": "password123"
}Response:
{
"code": 200,
"data": {
"userId": "12345",
"loginToken": "token_here",
"clientId": "client_id_here"
}
}POST https://sg-app-api.smart.com/iam/service/api/v1/oauth/authorize
Content-Type: application/json
X-Ca-Key: 204587190
X-App-Id: SmartAPPGlobalRequest:
{
"loginToken": "{loginToken from step 1}",
"clientId": "{clientId from step 1}"
}Response:
{
"code": 200,
"data": {
"authCode": "auth_code_here"
}
}POST https://apiv2.ecloudeu.com/auth/account/session/secure?identity_type=smart-israel
Content-Type: application/json
x-app-id: SMARTAPP-ISRAEL
x-operator-code: SMART-ISRAEL
x-signature: {hmac_signature}Note: This request uses signed headers (see Common Patterns) but does not include an
authorizationheader (no token yet).
Request:
{
"authCode": "{authCode from step 2}",
"userId": "{userId from step 1}",
"deviceId": "{device_id}"
}Response:
{
"code": 1000,
"data": {
"accessToken": "api_access_token_here",
"refreshToken": "api_refresh_token_here",
"userId": "12345"
}
}Result: api_access_token, api_refresh_token, and userId are stored in the Account model.
- Common Patterns — Signing
- Source:
auth.py