Authentication & Authorization

Authentication

In order to login using the API, you must submit your API credentials supplied to you by Ibanera, in addition to a one time password (otp). The login endpoint authenticates a user by validating their credentials and TOTP code, providing an access token for subsequent API requests.

Refer to our guide on Generating a Time-Based One-Time Password (TOTP) with a Shared Secret.

Endpoint: /api/v1/public/auth/login
Method: POST

Request body parameters:

Username: Login username
Password: User password
Otp: Time-based one time password generater from provided shared secret

Response:

accessToken: Bearer access token user for authorization
expiresIn: Access token expiry time in seconds
refreshToken: Refresh token used to refresh an access token
refreshTokenExpiresIn: Refresh token expiry time in secords

Possible validation messages:

Required: Required field is missing
Username_Or_Password_Incorrect: Invalid credentials
Account_Not_Verified: Account is not permitted to use the API
Account_Locked: Account locked for 10 minutes after too many failed attempts
Account_Suppressed: Account is currently inactive

POSThttps://fintech-phoenix-customer-api-v1.api.avamae.co.uk/api/v1/public/auth/login

Body

username*string

password*string (password)

otp*string

Response

Success

Body

statusnullable string

errorsnullable array of AvamaeTemplate.Core.Types.Results.Base.ErrorResultDto (object)

idinteger (int64)

detailsAvamaeTemplate.Core.Types.Dtos.PublicRole.AuthModule.LoginSuccessResultDetails (object)

Request

const response = await fetch('https://fintech-phoenix-customer-api-v1.api.avamae.co.uk/api/v1/public/auth/login', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json-patch+json"
    },
    body: JSON.stringify({
      "otp": "text",
      "password": "password",
      "username": "text"
    }),
});
const data = await response.json();

Response

{
  "status": "text",
  "errors": [
    {
      "fieldName": "text",
      "messageCode": "text"
    }
  ],
  "details": {
    "accessToken": "text"
  }
}

Request Body Parameters:

username (String): The username of the user attempting to log in—required.
password (String): The password associated with the username—required.
otp (String): A time-based one-time password (TOTP) generated from the user's shared secret—required.

Request Example:

{
  "username": "exampleUser",
  "password": "examplePass",
  "otp": "123456"
}

Response Body Parameters:

id (Integer): A numerical identifier of the response, often representing the authenticated user’s ID.
details (Object):
- accessToken (String): The bearer token provided upon successful authentication.
- expiresIn (Integer): The number of seconds until the token expires.

Success Response Example:

{
  "id": 0,
  "details": {
    "accessToken": "eyJhbGciOiJIUzI1Ni...",
    "expiresIn": 3600
  },
  "status": "1",
  "errors": []
}

Authorization

API requests are authorized if the headers contains both the Authorization and otp fields.

Header Key

Expected Value

Example

PreviousFirst API Call NextGenerating a Time-Based One-Time Password (TOTP) with a Shared Secret

Last updated 9 months ago

Authentication

Generates bearer access token for private endpoints

Authorization

Generates bearer access token for private endpoints