# Authentication ## Overview **Authentication** defines how menta identifies a user during resale interactions. User identity is needed to: * Retrieve the correct ticket inventory for resale * Ensure only legitimate users can list or buy tickets * Enforce resale rules tied to user accounts * Guarantee secure, compliant resale operations **menta tech** supports three authentication mechanisms. Unlike other sections, these mechanisms **are not mutually exclusive**. * Most integrations implement both **Login Trust** and **Login Force** together. * If neither is available, menta provides a fallback authentication method using **OTP**. ## Why authentication matters Authentication ensures that: * Resale actions are tied to the right user. * Only actual owners can list tickets. * Only authenticated users can buy tickets. * Primary ticketing identity rules are honored. * Downstream operations (delivery, reporting, compliance) stay consistent. **A valid, verified user identity is required for every resale action.** --- ## Authentication Models — Comparison {% table highlight-first=true %} | Model | Purpose | Where It Applies | Notes | | :--- | :--- | :--- | :--- | | **Login Trust** | The partner tells menta who the authenticated user is. | Used whenever resale is accessed by a logged-in user. | Provides the smoothest experience. | | **Login Force** | Requires users buying on resale to sign in or create an account. | Applied in purchase flows. | Ensures all resale buyers have a partner account. | | **menta OTP Authentication** | menta authenticates users with a one-time code. | Used only when Login Trust/Force are not implemented. | Suitable for guest or accountless platforms. | {% /table %} --- {% conditionaltabs id="tabs-1765468408434" %} {% tab label="Login Trust" %} ## Login Trust ### Description In Login Trust, the user is already authenticated in your platform (web or app). In this case, every time you generate a URL to take your user to a purchase or sell flow managed by menta tech, you must specify the user identity, either email or phone number, when creating the URL via the HTTP endpoint. {% diagram type="sequence" height="400px" %} { "nodes": [ { "id": "actor-1", "type": "sequence-actor", "position": { "x": 36.66666666666666, "y": 30.063149335941404 }, "data": { "label": "User", "accentColor": "#8b5cf6", "lifelineHeight": 320 } }, { "id": "actor-2", "type": "sequence-actor", "position": { "x": 260, "y": 30 }, "data": { "label": "Your Platform", "accentColor": "#f97316", "lifelineHeight": 320 } }, { "id": "actor-3", "type": "sequence-actor", "position": { "x": 501.1078337971647, "y": 28.666666666666664 }, "data": { "label": "menta tech", "accentColor": "#3b82f6", "lifelineHeight": 320 } }, { "id": "msg-1", "type": "sequence-message", "position": { "x": -1.6666666666666856, "y": 101.49999999999999 }, "data": { "label": "Wants to buy or sell" } }, { "id": "msg-1765910935647", "type": "sequence-message", "position": { "x": 180.27508014861763, "y": 168.15989697777204 }, "data": { "label": "Generate buy or sell URL \nspecifying the user's email" } }, { "id": "msg-1765911134978", "type": "sequence-message", "position": { "x": 450.8424675717367, "y": 246.82261851691868 }, "data": { "label": "Returns URL with a single-use\nsession token", "isReturn": true } }, { "id": "msg-1765911217230", "type": "sequence-message", "position": { "x": -20.236230318487458, "y": 322.26699190089283 }, "data": { "label": "Enters to buy or sell\nautomatically authenticated" } } ], "edges": [ { "id": "edge-1765910902184", "source": "msg-1", "target": "actor-2", "sourceHandle": null, "targetHandle": "h-2", "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerEnd": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 } }, { "id": "edge-1765910958910", "source": "msg-1765910935647", "target": "actor-3", "sourceHandle": null, "targetHandle": "h-8", "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerEnd": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 } }, { "id": "edge-1765911239535", "source": "msg-1765911217230", "target": "actor-3", "sourceHandle": null, "targetHandle": "h-20", "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerEnd": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 } }, { "id": "edge-1765939085504", "source": "actor-1", "target": "msg-1765911134978", "sourceHandle": "s-14", "targetHandle": null, "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "label": "Receives URL", "markerStart": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 }, "data": { "isReversed": true } } ] } {% /diagram %} Common fields include: - userId (preferred unique identifier) - email or phone number (depending on the partner identity model) menta does not perform additional authentication. The partner authentication is fully trusted. ### When to use it - Whenever the resale experience is accessed by authenticated users. - When the partner has a stable login/session system. - When a smooth user experience is required. ### Key characteristics - Users never see an additional login prompt. - Identity is fully controlled by the partner. - Ideal for deeply integrated resale experiences. {% /tab %} {% tab label="Login Force" %} ## Login Force ### Description Login Force ensures all resale buyers have a valid account on the partner platform. If a user starts a resale purchase without being authenticated: - menta redirects them to the partner sign-in or account-creation page. - The user signs in or creates an account. - The partner redirects the user back to menta. - The user completes the purchase while authenticated. This ensures the buyer has a valid account in the primary system before purchasing a ticket. {% diagram type="sequence" height="400px" %} { "nodes": [ { "id": "actor-1", "type": "sequence-actor", "position": { "x": 7.3333333333333215, "y": 30.063149335941404 }, "data": { "label": "User", "accentColor": "#8b5cf6", "lifelineHeight": 320 } }, { "id": "actor-2", "type": "sequence-actor", "position": { "x": 518.6666666666666, "y": 30.063149335941404 }, "data": { "label": "Your Platform", "accentColor": "#f97316", "lifelineHeight": 320 } }, { "id": "actor-3", "type": "sequence-actor", "position": { "x": 269.10783379716474, "y": 30.063149335941404 }, "data": { "label": "menta tech", "accentColor": "#3b82f6", "lifelineHeight": 320 } }, { "id": "msg-1", "type": "sequence-message", "position": { "x": -1.6666666666666856, "y": 88.16666666666666 }, "data": { "label": "Wants to buy" } }, { "id": "msg-1767819209574", "type": "sequence-message", "position": { "x": 174.56434292996, "y": 156.30384645397356 }, "data": { "label": "During the purchase flow, is sent\nto your platform to authenticate" } }, { "id": "msg-1767819399705", "type": "sequence-message", "position": { "x": -50.70649528044395, "y": 207.69615354602647 }, "data": { "label": " Completes authentication \n(sign-up or sign-in)" } }, { "id": "msg-1767819586656", "type": "sequence-message", "position": { "x": 453.2096641029424, "y": 271.9465133491845 }, "data": { "label": "Generate a One Time Token\nusing menta tech API" } }, { "id": "msg-1767819693042", "type": "sequence-message", "position": { "x": 408.69697569105756, "y": 348.5005142710487 }, "data": { "label": "Redirect the user to returnUrl adding\noneTimeToken to the URL" } } ], "edges": [ { "id": "edge-1767819166606", "source": "msg-1", "target": "actor-3", "sourceHandle": null, "targetHandle": "h-1", "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerEnd": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 }, "data": { "hadArrow": true } }, { "id": "edge-1767819434001", "source": "msg-1767819399705", "target": "actor-2", "sourceHandle": null, "targetHandle": "h-11", "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerEnd": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 } }, { "id": "edge-1767819464235", "source": "actor-1", "target": "msg-1767819209574", "sourceHandle": "s-7", "targetHandle": null, "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerStart": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 }, "data": { "isReversed": true, "hadArrow": true } }, { "id": "edge-1767819608493", "source": "actor-3", "target": "msg-1767819586656", "sourceHandle": "s-16", "targetHandle": null, "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerStart": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 }, "data": { "isReversed": true } }, { "id": "edge-1767819721605", "source": "actor-1", "target": "msg-1767819693042", "sourceHandle": "s-22", "targetHandle": null, "animated": true, "style": { "stroke": "#9ca3af", "strokeWidth": 1.5 }, "markerStart": { "type": "arrowclosed", "color": "#9ca3af", "width": 16, "height": 16 }, "data": { "isReversed": true } } ] } {% /diagram %} ### Implementation #### Flow Details 1. **User is directed to login**: During the purchase flow, menta redirects the user to your platform's login/registration URL, including a `returnTo` query parameter that points back to the menta page where the user left off. Example URL: `https://yourplatform.com/login?returnTo=https://mentatech.io/sell/2738` 2. **User completes authentication**: The user signs in or registers on your platform. 3. **Your platform requests a One Time Token**: After successful authentication, your platform calls the menta tech API to obtain a single-use session token for that user. 4. **menta issues the token**: menta tech returns a one-time session token in the response. 5. **Your platform redirects the user back**: Your platform redirects the user to the `returnTo` URL, appending the token as the `oneTimeToken` query parameter. Example redirect: `https://mentatech.io/sell/2738?oneTimeToken=abc123xyz456` 6. **User continues on menta**: The user resumes the purchase flow on menta, now fully authenticated. #### API Reference **Endpoint:** `GET /v1/auth/oneTimeToken` **Base URL:** `https://api.mentatech.io` **Headers:** | Header | Value | Required | | :--- | :--- | :--- | | Authorization | your_mentatech_apikey | Yes | **Query Parameters:** | Parameter | Description | Required | | :--- | :--- | :--- | | user | Email address of the user who successfully authenticated on your platform. | Yes | **Example request:** `GET https://api.mentatech.io/v1/auth/oneTimeToken?user=johndoe@email.com` **Example response:** ```json { "data": "eyJlbWFpbCI6InVzZXJAZW1haWwuY29tIiwib3R0IjoiOTg0NDE3NDU0MTYiLCJ1c2VkIjpmYWxzZSwidGlja2V0U2VsbGVySWQiOiIyIiwiX2lkIjoiNjZmNDZkN2ZkMGQ0NTMzMGQxMzdhMzhiIn0=" } ``` > **Important:** The `oneTimeToken` is valid only for a short period of time and must be used immediately after being issued. It can only be used once. ### When to use it - Always recommended in resale purchase flows. - When buyer identity must be tied to a primary-platform account. - When downstream processes (delivery, reporting, CRM, QR assignment) require authenticated users. ### Key characteristics - Enforces account creation or sign-in for all buyers. - Prevents anonymous or guest purchases. - Ensures resale buyers exist within the partner ecosystem. {% /tab %} {% tab label="menta OTP Authentication" %} ## menta OTP Authentication ### Description If the partner cannot support Login Trust or Login Force, menta authenticates users through a one-time password sent to their email or phone number. **Flow:** 1. The user enters their email or phone number. 2. menta sends a temporary verification code. 3. The user enters the code. 4. menta authenticates the session. ### When to use it * The partner has no user accounts. * The partner cannot share authenticated identity with menta. * The platform uses pure guest checkout flows. ### Key characteristics * Requires no authentication integration from the partner. * Enables resale on platforms without user accounts. * Adds more friction compared to Login Trust/Force. {% /tab %} {% /conditionaltabs %}