Documentation

Documentation

Authentication via messengers instead of SMS — no per-message costs. Every authenticated user becomes reachable for notifications by phone number through the same bots. The system picks the right messenger automatically; you control the priority.

Hosted Login — redirect-based flow

The simplest integration. Redirect the user to our hosted page, we handle the UI, and redirect back with a session ID.

Flow

Your site redirects the user to:

https://id.antirius.com/login/YOUR_APP_ID?return_url=https://yoursite.com/callback

The hosted page embeds the standard widget with poll_type: "status" — it only polls session status (and messenger_opened), then redirects when status becomes confirmed.

The user opens the messenger and confirms login via the bot.

After successful auth, the user is redirected to your callback URL with session_id:

https://yoursite.com/callback?session_id=SESSION_ID

Your backend calls GET /api/v1/auth/session/{session_id}?type=full once to obtain JWT and user data (this consumes the session).

GET https://id.antirius.com/api/v1/auth/session/SESSION_ID?type=full

// Response (confirmed, first full poll):
{
  "status": "confirmed",
  "poll_type": "full",
  "token": "eyJhbG...",
  "user": {
    "_id": "...",
    "user_id": "...",
    "first_name": "...",
    "username": "..."
  },
  "app_id": "YOUR_APP_ID"
}

The hosted login page uses the same widget.js as on your site. You do not need a separate UI — only poll_type: "status" and return_url in init.

Callback example

# Hosted Login — redirect flow

# 1. Redirect user to hosted page (return_url must be in Allowed domains)
window.location.href = 'https://id.antirius.com/login/YOUR_APP_ID?return_url='
  + encodeURIComponent('https://yoursite.com/callback');

# 2. On callback — exchange session_id for JWT (once, type=full)
# GET https://yoursite.com/callback?session_id=SESSION_ID

const sessionId = new URLSearchParams(location.search).get('session_id');
const res = await fetch(
  'https://id.antirius.com/api/v1/auth/session/' + sessionId + '?type=full'
);
const { token, user } = await res.json();

# Hosted page uses the same widget with poll_type: "status" (you do not embed this on your site):
# AuthBotsWidget.init({ app_id: '...', poll_type: 'status', return_url: '...' });

Add each site origin (scheme + host of your callback) to Allowed domains in the cabinet. The default Redirect URL (Hosted Login tab) and any return_url query parameter must use a host from that list; otherwise the service returns 400.