Quickstart
Get from zero to an authenticated Consumer portal session using the WEB chain. This guide walks through registration, Secure Channel bootstrap, login, and a first API call.
Prerequisites
- API running at
http://127.0.0.1:18020/prometheus - A Consumer portal access code
- curl or any HTTP client
Step 1: Establish a Secure Channel session
1a. Get the server's RSA public key
bash
curl http://127.0.0.1:18020/prometheus/web/v1/consumer/secure-channel/public-key \
-H "Content-Type: application/json" \
-H "X-Client-Hash: quickstart-test" \
-H "X-Request-Id: $(uuidgen)" \
-H "CF-Connecting-IP: 127.0.0.1" \
-H "Cf-Ray: quickstart-$(date +%s)-DEV" \
-H "cf-ipcountry: US" \
-H "X-Forwarded-Proto: https" \
-H "User-Agent: quickstart/1.0"Save the keyId and publicKey from the response.
1b. Create a Secure Channel session
Generate two random AES-256 keys (one for requests, one for responses), encrypt each with the RSA public key, then submit:
bash
curl -X POST http://127.0.0.1:18020/prometheus/web/v1/consumer/secure-channel/session \
-H "Content-Type: application/json" \
-H "X-Client-Hash: quickstart-test" \
-H "X-Request-Id: $(uuidgen)" \
-H "CF-Connecting-IP: 127.0.0.1" \
-H "Cf-Ray: quickstart-$(date +%s)-DEV" \
-H "cf-ipcountry: US" \
-H "X-Forwarded-Proto: https" \
-H "User-Agent: quickstart/1.0" \
-d '{
"keyId": "{keyId}",
"encReqKey": "<base64-rsa-encrypted-aes-request-key>",
"encRespKey": "<base64-rsa-encrypted-aes-response-key>"
}'Save the sessionId — you will pass it as X-SC-Session-Id on encrypted requests.
Step 2: Register a new account (Consumer-specific)
Consumer is the only portal with self-registration:
bash
curl -X POST http://127.0.0.1:18020/prometheus/web/v1/consumer/auth/register/initiate \
-H "Content-Type: application/json" \
-H "X-PORTAL-ACCESS-CODE: {your-access-code}" \
-H "X-Client-Hash: quickstart-test" \
-H "X-SC-Session-Id: {session-id}" \
-H "X-Request-Id: $(uuidgen)" \
-H "CF-Connecting-IP: 127.0.0.1" \
-H "Cf-Ray: quickstart-$(date +%s)-DEV" \
-H "cf-ipcountry: US" \
-H "X-Forwarded-Proto: https" \
-H "User-Agent: quickstart/1.0" \
-d '{"email":"user@example.com","password":"Str0ngP@ss!"}'After registration, complete the flow by sending the verification code received via email.
Step 3: Login
bash
curl -X POST http://127.0.0.1:18020/prometheus/web/v1/consumer/auth/login/initiate \
-H "Content-Type: application/json" \
-H "X-PORTAL-ACCESS-CODE: {your-access-code}" \
-H "X-Client-Hash: quickstart-test" \
-H "X-SC-Session-Id: {session-id}" \
-H "X-Request-Id: $(uuidgen)" \
-H "CF-Connecting-IP: 127.0.0.1" \
-H "Cf-Ray: quickstart-$(date +%s)-DEV" \
-H "cf-ipcountry: US" \
-H "X-Forwarded-Proto: https" \
-H "User-Agent: quickstart/1.0" \
-d '{"email":"user@example.com","password":"Str0ngP@ss!"}'If MFA is required, send the verification code and complete the login. The response returns accessToken and refreshToken.
Step 4: Fetch your profile
bash
curl http://127.0.0.1:18020/prometheus/web/v1/consumer/profile \
-H "Authorization: Bearer {accessToken}" \
-H "X-PORTAL-ACCESS-CODE: {your-access-code}" \
-H "X-Client-Hash: quickstart-test" \
-H "X-Request-Id: $(uuidgen)" \
-H "CF-Connecting-IP: 127.0.0.1" \
-H "Cf-Ray: quickstart-$(date +%s)-DEV" \
-H "cf-ipcountry: US" \
-H "X-Forwarded-Proto: https" \
-H "User-Agent: quickstart/1.0"Required Headers Summary
Every WEB request needs these gateway headers:
| Header | Description |
|---|---|
X-PORTAL-ACCESS-CODE | Portal access code |
X-Client-Hash | Client device fingerprint |
X-Request-Id | Unique request identifier (UUID) |
CF-Connecting-IP | Client IP address |
Cf-Ray | Cloudflare ray ID |
cf-ipcountry | Client country code |
X-Forwarded-Proto | Protocol (https) |
User-Agent | Client user agent |
Add these as needed:
| Header | When needed |
|---|---|
X-SC-Session-Id | Endpoints requiring Secure Channel |
Authorization: Bearer <jwt> | Authenticated endpoints |