Authentication API
Quasr, as an OAuth2 authorization server implementation, provides an OAuth2 (and OpenID Connect) API that follows the respective specifications.
The API endpoint is https://{tenant_id}.api.quasr.io
The OpenID Connect Discovery document is at https://{tenant_id}.api.quasr.io/.well-known/openid-configuration
Postman Collection
API documentation and a Postman collection are available at https://documenter.getpostman.com/view/18129777/UVXgMHEv
Caching
To offload the API, we cache the API responses below (which are generally highly static) using a global CDN.

Endpoint                                  Status      Cache TTL
GET factors (without session)             200         1 day
GET controls (without session)            200         1 day
GET accounts/{account_id}                 200         1 day
GET .well-known/openid-configuration      200         1 month
GET .well-known/jwks.json                 200         1 month
GET oidc1/userinfo                        200         5 min
GET * (any endpoint)                      400 / 401   5 min
There is no need to try to bypass the CDN cache: cached entries are automatically and immediately invalidated upon relevant changes. We have also designed our services so that bypassing the cache is difficult.
Rate Limits
The API is rate limited per individual endpoint to ensure bandwidth availability across all endpoints.
GET .well-known/openid-configuration
GET .well-known/jwks.json
GET controls
GET factors
POST controls ("signup")
POST factors ("login")
GET controls (session)
GET factors (session)
POST controls (session)
POST factors (session)
GET oauth2/authorize
POST oauth2/token
GET oauth2/callback
POST oauth2/callback
GET oidc1/userinfo
POST oidc1/userinfo
If you exceed 300 requests in 5 minutes from a single IP address, that address is temporarily blocked until you reduce your rate (lifting the block can take a couple of minutes). This limit can be relevant for large shared networks or back-end integrations that operate from a fixed IP.
We block IPs that are listed as either malicious or actively engaged in reconnaissance or DDoS activities (based on the AWS IP reputation list).
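Added example, not Quasr's own code: a back-end integration client that keeps its own sliding-window count of the 300-requests-per-5-minutes limit and caches the discovery document and JWKS locally for the month the CDN does, so a fixed-IP integration never trips the block. The tenant id, the fetch callback and the clock are assumptions so that it runs offline.

```python
import time
from collections import deque

# Constructed values (not from the page): tenant id; fetch and clock are injectable.
TENANT_ID = "example-tenant"
BASE_URL = f"https://{TENANT_ID}.api.quasr.io"
RATE_LIMIT = 300            # requests ...
RATE_WINDOW = 300           # ... per 5 minutes from one IP (limit stated on the page)
CACHE_TTL = {               # client-side TTLs mirroring the CDN table on the page
    "/.well-known/openid-configuration": 30 * 24 * 3600,
    "/.well-known/jwks.json": 30 * 24 * 3600,
}


class QuasrClient:
    """Stays under the per-IP limit and caches the static well-known documents."""

    def __init__(self, fetch, clock=time.monotonic):
        self.fetch = fetch        # fetch(url) -> (status, body); hypothetical callback
        self.clock = clock
        self.sent = deque()       # timestamps of requests inside the sliding window
        self.cache = {}           # path -> (expires_at, body)

    def allowance(self):
        """Requests still permitted in the current 5-minute window."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= RATE_WINDOW:
            self.sent.popleft()
        return RATE_LIMIT - len(self.sent)

    def get(self, path):
        now = self.clock()
        hit = self.cache.get(path)
        if hit and hit[0] > now:
            return 200, hit[1]    # served locally: no request leaves the host
        if self.allowance() <= 0:
            raise RuntimeError("local rate limit reached; back off before the IP is blocked")
        self.sent.append(now)
        status, body = self.fetch(BASE_URL + path)
        ttl = CACHE_TTL.get(path)
        if status == 200 and ttl:
            self.cache[path] = (now + ttl, body)
        return status, body


def discovery(client):
    """Fetch the OpenID Connect Discovery document (cached locally for a month)."""
    return client.get("/.well-known/openid-configuration")
```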