| Exists | Method | URI | Auth filtered? | Body | Parameters | Return value | Description | Differences (from existing methods) |
|---|---|---|---|---|---|---|---|---|
 | POST | /session |  | LoginCredentials | Session | Normal login | Does not fail if the user has not signed the terms of use. Instead, a boolean is returned along with the session token. The client can use that boolean to throw a TermsOfUseException. Note: trying to make an authenticated request will still fail if the terms haven't been accepted. Terms ofuse cannot be signed here. | |
| PUT | /session | | Session | Revalidates a session token. No longer necessary, but removal will break the analytical clients. | Note: This will still fail (403) if the user has not signed the terms of use. | ||
| DELETE | /session | | Invalidated token | ||||
| POST | /user | | NewUser | sendPasswordmail=true (Not implemented yet) | Creates a new user | No longer goes through the auth filter. This was originally done because GET /user was filtered. Parameter will let the client specify if Synapse should sent a "Welcome" email or a "Set your password" email. | |
| POST | /user/password | | ChangePasswordRequest | Changes the user's password, regardless of whether they have accepted the terms of use | Replaces /changePassword and /registeringUserPassword | ||
| POST | /user/password/email | | Username | Sends a password reset email (containing a session token) | Replaces /registeringUserEmail, /userPasswordEmail, and /apiPasswordEmail | ||
| POST | /termsOfUse | | Session | Accepts the terms of use via a session token | New method | ||
| GET | /secretKey | | SecretKey | Gets the user's API key | |||
| DELETE | /secretKey | | Invalidates the user's API key | ||||
| POST | /openIdCallback | | (OpenID params) acceptsTermsOfUse=false createUserIfNecessary=false | Session | Login via OpenID, with options to create a new user and sign the terms of use | Terms ofuse cannot be signed here. |
...