# Authentication ## Log in to the user account - [POST /blaize/login](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/loginuseraccount.md): This endpoint is utilized for user authentication, granting access to secured endpoints that mandate authentication. Following successful authentication, a blaize_session is generated for the user, enabling them to access the secure endpoints. ## Log out of the user account - [POST /blaize/logout](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/logoutuseraccount.md): Logs out of the user account. ## Retrieve the SSO status - [GET /zephr/public/sso/v1/status](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/retrievessostatus.md): Retrieves the SSO status and metadata of the current user. ## Update the metadata - [PUT /zephr/public/sso/v1/status/meta](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/updatemetadata.md): Updates the SSO metadata associated with the user. ## Start the passwordless authentication flow - [POST /blaize/token-exchange](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startpasswordlessauthentication.md): Starts the passwordless authentication flow by sending an email to the user with a sign-in link. When the user clicks the link, they are directed to GET /blaize/token-exchange?token=..., which authenticates them automatically. IMPORTANT: Passwordless authentication requires the user's email to be verified. This means the user must first receive a separate verification email and click the link to confirm their email address. Verification can be triggered by sending a POST request to the appropriate endpoint. ## Completes the passwordless authentication flow - [GET /blaize/token-exchange](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/completepasswordlessauthentication.md): Completes the passwordless authentication flow. This endpoint is triggered when the the user clicks the link in the email sent after a POST /blaize/token-exchange request. IMPORTANT: For passwordless authentication, first is required to send a POST to request an email to be sent to the User’s email with a link for the user to click on to verify his email. ## Complete a 2FA based password reset - [POST /zephr/users/reset/{state}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/complete2fapasswordreset.md): Completes the password reset. IMPORTANT: To reset a user's password, first send a POST request to trigger an email with a reset token. This token must be included in the state parameter when calling this API. The validator parameter is optional, if omitted, the OTP can be verified first, and the new password can be submitted separately with the correct OTP. ## Return the password reset form - [GET /blaize/blaize/password-reset.html](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/resetpasswordform.md): Returns the password reset form ## Create an anonymous session - [POST /blaize/anonymous-session](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/createanonymoussession.md): Creates an anonymous session. ## Start updating the current email address - [POST /blaize/users/update-email](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startupdatingyourcurrentemailaddress.md): Starts updating user's current email address. ## Start updating the current email address - [POST /zephr/users/update-email](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startupdatingyourcurrentzephremailaddress.md): Updates the user's email address. The user will receive an email with a one-time password (OTP) to verify the new email address. In order to finish the process, the user must provide the OTP to the _/zephr/users/update-email/{otp}_ endpoint. The difference between this endpoint and the _/blaize/users/update-email_ endpoint is that this endpoint requires the extra layer of authentication through the required validator. ## Complete updating the current email address - [POST /zephr/users/update-email/{otp}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/completeupdatingyourcurrentzephremailaddress.md): Completes updating the user's email address. The user must provide the OTP received in the email to verify the new email address. The difference between this endpoint and the _/blaize/users/update-email/_ endpoint is that this endpoint requires the extra layer of authentication through the required validator. ## Return the update email request form - [GET /blaize/update-email.html](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/updateemailrequestform.md): Returns the update email request Form. ## Change the user password - [POST /blaize/users/change-password](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/changepassword.md): Changes the user password. ## Start a 2FA password reset - [POST /zephr/users/reset](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startpasswordreset.md): Starts the password reset for a 2FA user. This will send an email to the user with a 6 digit code, which can then be used to reset their password. ## Change the user's password - [POST /zephr/users/change-password](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/changezephruserpassword.md): This endpoint starts the process of changing a user's password. An active user session is required for this endpoint. This process ends with an OTP (One-time password) being sent to the user's email address.