AurionAI Docs

End-User API

Authentication and APIs for mobile app and widget end-users.

End-User API

The End-User API powers the Aurion mobile app and web widget. It provides authentication, ticket management, and voice call access for end-users (requesters/contacts) — separate from the admin API key authentication.

Authentication

End-users authenticate with JWT tokens (not API keys). The authentication flow supports multiple methods.

SSO Authentication

For organizations using SSO (Azure AD, Google, Okta, Microsoft):

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/sso" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "azure_ad",
    "id_token": "eyJhbGciOiJSUz...",
    "tenant_id": "your-tenant-id"
  }'

Response (200 OK):

{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_abc123...",
  "expires_in": 3600,
  "user": {
    "id": "usr_456",
    "name": "Jane Smith",
    "email": "jane@example.com"
  }
}

Supported SSO Providers:

ProviderValue
Azure ADazure_ad
Googlegoogle
Oktaokta
Microsoftmicrosoft

Password Login

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "password": "user_password",
    "tenant_id": "your-tenant-id"
  }'

Request a passwordless login link via email:

Request magic link
curl -X POST "https://apps.aurionai.net/api/v1/app/auth/magic-link" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com",
    "tenant_id": "your-tenant-id"
  }'
Verify magic link
curl -X POST "https://apps.aurionai.net/api/v1/app/auth/magic-link/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "token": "ml_token_from_email"
  }'

Refresh Token

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "rt_abc123..."
  }'

Logout

Revoke the current session:

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/logout" \
  -H "Authorization: Bearer eyJhbGciOi..."

Returns 204 No Content on success.

Set Password

Set or update the end-user's password (requires a valid JWT):

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/set-password" \
  -H "Authorization: Bearer eyJhbGciOi..." \
  -H "Content-Type: application/json" \
  -d '{
    "new_password": "NewSecure1Pass"
  }'

Password must be at least 8 characters and contain an uppercase letter, a lowercase letter, and a digit.

Google Sign-In

Platform-level Google authentication for end-users. If the user matches multiple tenants, the response includes a tenant list for selection.

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/login/google" \
  -H "Content-Type: application/json" \
  -d '{
    "id_token": "eyJhbGciOiJSUz...",
    "platform": "ios"
  }'

If requires_tenant_selection is true in the response, call the tenant selection endpoint:

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/login/google/select-tenant" \
  -H "Content-Type: application/json" \
  -d '{
    "id_token": "eyJhbGciOiJSUz...",
    "tenant_slug": "acme-corp",
    "platform": "ios"
  }'

Microsoft Sign-In

Platform-level Microsoft authentication for end-users. Same multi-tenant flow as Google.

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/login/microsoft" \
  -H "Content-Type: application/json" \
  -d '{
    "id_token": "eyJhbGciOiJSUz...",
    "platform": "android"
  }'

If requires_tenant_selection is true, call the tenant selection endpoint:

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/login/microsoft/select-tenant" \
  -H "Content-Type: application/json" \
  -d '{
    "id_token": "eyJhbGciOiJSUz...",
    "tenant_slug": "acme-corp",
    "platform": "android"
  }'

Tenant Resolution

Resolve which tenant a user belongs to from their email domain:

curl -X POST "https://apps.aurionai.net/api/v1/app/auth/resolve" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@example.com"
  }'

SSO Configuration

Get the SSO providers configured for a tenant:

curl "https://apps.aurionai.net/api/v1/app/auth/sso-config?tenant_id=your-tenant-id"

Rate Limits

EndpointLimit
SSO authenticate10/minute
Password login3/minute
Magic link request5/minute
Magic link verify10/minute
Refresh token10/minute
Tenant resolution20/minute
Google sign-in10/minute
Microsoft sign-in10/minute

End-User Tickets

Authenticated end-users can manage their own tickets.

List My Tickets

curl "https://apps.aurionai.net/api/v1/app/tickets?status=open&limit=10" \
  -H "Authorization: Bearer eyJhbGciOi..."

Create Ticket

curl -X POST "https://apps.aurionai.net/api/v1/app/tickets" \
  -H "Authorization: Bearer eyJhbGciOi..." \
  -H "Content-Type: application/json" \
  -d '{
    "subject": "Cannot access email",
    "description": "My Outlook keeps showing a connection error."
  }'

Reply to Ticket

Reply with optional file attachments (max 5 files, 15 MB each):

curl -X POST "https://apps.aurionai.net/api/v1/app/tickets/1042/reply" \
  -H "Authorization: Bearer eyJhbGciOi..." \
  -F "body=Here is a screenshot of the error" \
  -F "file=@screenshot.png"

Reopen Ticket

curl -X POST "https://apps.aurionai.net/api/v1/app/tickets/1042/reopen" \
  -H "Authorization: Bearer eyJhbGciOi..."

End-User Voice

Start a voice call session from the mobile app or widget.

Get Voice Token

Generate a LiveKit participant token for a voice call:

curl -X POST "https://apps.aurionai.net/api/v1/app/voice/token" \
  -H "Authorization: Bearer eyJhbGciOi..."

Response:

{
  "token": "livekit_participant_token",
  "room_name": "room_abc123",
  "participant_identity": "usr_456",
  "ws_url": "wss://lk-staging.aurionai.net"
}

Use this token with the LiveKit Client SDK to join the voice room.

End-User Attachments

Upload Attachment

Upload a file to attach to a ticket:

curl -X POST "https://apps.aurionai.net/api/v1/app/tickets/1042/attachments" \
  -H "Authorization: Bearer eyJhbGciOi..." \
  -F "file=@document.pdf"

All uploads are scanned for malware. Blocked file types and dangerous byte signatures are rejected.

Download Attachment

curl "https://apps.aurionai.net/api/v1/app/attachments/att_123?ticket_id=1042" \
  -H "Authorization: Bearer eyJhbGciOi..."

Attachment Limits

LimitValue
Max file size15 MB
Max files per reply5
Blocked extensions.exe, .bat, .cmd, .ps1, .vbs, .js, .msi
Upload rate limit10/minute

Authentication Note

End-user endpoints use JWT Bearer tokens (not API keys). Tokens are issued via the auth endpoints above (/api/v1/app/auth/*). Access tokens expire after 1 hour; use refresh tokens to obtain new ones.

Usage & Billing

Track API usage, voice minutes, and billing data via the Aurion API.

Webhooks

Receive real-time event notifications from the Aurion API via webhooks.

On this page

End-User APIAuthenticationSSO AuthenticationPassword LoginMagic LinkRefresh TokenLogoutSet PasswordGoogle Sign-InMicrosoft Sign-InTenant ResolutionSSO ConfigurationRate LimitsEnd-User TicketsList My TicketsCreate TicketReply to TicketReopen TicketEnd-User VoiceGet Voice TokenEnd-User AttachmentsUpload AttachmentDownload AttachmentAttachment LimitsRelated GuidesAuthentication Note