v1.4 Release notes
| Release Date | Date no longer supported |
|---|---|
| 2023-04-01 | 2024-04-01 |
What's new in v1.4
CreativeGroup's final_landing_url field is deprecated
final_landing_url field is deprecatedfinal_landing_url is no longer supported.
Please use landing_url instead of final_landing_url.
Password rule update
Until v1.3, password must be at least 8 characters and contain at least one number, letter, or special character.
From v1.4, password must be at least 12 characters and contain at least one number, uppercase letter, lowercase letter and special character.
Sample response:
{
"code": 3,
"message": "From v1.4, password must be at least 12 characters and contain at least one number, uppercase letter, lowercase letter and special character. code = InvalidArgument [id:IzoDppH39IFFElbz]",
"details": [
{
"@type": "type.googleapis.com/api.adcloud.common.APIErrorInfo",
"error_log_id": "IzoDppH39IFFElbz",
"reason": "USER_INVALID_PASSWORD",
"context": {
"field": "new_password"
}
}
]
}
Password expiration
Each password is valid for only 1 year. If user try to issue a new token using CreateToken API, for users who didn't change password over 1 year can get a new type of token: UPDATE_PASSWORD_TOKEN which can be only used for UpdatePassword API
Sample response:
// Response when password expired
{
"token": "sample_token",
"token_type": "UPDATE_PASSWORD_TOKEN"
}
// Response on auth success
{
"token": "sample_token",
"token_type": "AUTH_TOKEN"
}
Password reuse prohibition
We don't allow reusing previous password on updating password.
If users try to update the password as same as the previous password, then UpdatePassword API will return error response with USER_CANNOT_USE_PREVIOUS_PASSWORD code.
Sample response:
{
"code": 3,
"message": "From v1.4, the previous password cannot be reused code = InvalidArgument [id:SVxZyoPoyV2wYKfM]",
"details": [
{
"@type": "type.googleapis.com/api.adcloud.common.APIErrorInfo",
"error_log_id": "SVxZyoPoyV2wYKfM",
"reason": "USER_CANNOT_USE_PREVIOUS_PASSWORD",
"context": {
"field": "new_password"
}
}
]
}
UpdatePassword API endpoint update
UpdatePassword API endpoint URI is changed.
v1.3: https://api.moloco.cloud/cm/v1/auth/users/{user_id}/password
v1.4: https://api.moloco.cloud/cm/v1/auth/password
For the new endpoint, new password policies will be applied.
Token expiration
Auth token is valid for 1 hour, and it can be extended by RefreshToken API.
You could permanently extend the token permanently so far.
However, from v1.4 to enhance the security, we decided to limit maximum extendable period as 30days.
If you try refreshing token which is over 30days, RefreshToken API will return TOKEN_EXPIRED error.
Sample response:
{
"code": 3,
"message": "From v1.4, token cannot be refreshed over 30days. Please try login again code = InvalidArgument [id:SUmoyiGsZQ2V4So0]",
"details": [
{
"@type": "type.googleapis.com/api.adcloud.common.APIErrorInfo",
"error_log_id": "SUmoyiGsZQ2V4So0",
"reason": "TOKEN_EXPIRED",
"context": {
"field": "token"
}
}
]
}
Login block after 5 failed attempts
Once user failed to login for 5 consecutive times, user account may locked and disallowed to login for 15 minutes. If user try to login again while locked status, CreateToken API will return USER_ACCOUNT_BLOCKED error.
Sample response:
{
"code": 16,
"message": "You've unsuccessfully tried to log in too many times. Try again in \"5\" minutes or reset your passwords. code = Unauthenticated [id:hXfIAvF9c8Kyt8LV]",
"details": [
{
"@type": "type.googleapis.com/api.adcloud.common.APIErrorInfo",
"error_log_id": "hXfIAvF9c8Kyt8LV",
"reason": "USER_ACCOUNT_BLOCKED",
"context": {
"remain_minutes": "5"
}
}
]
}