Authentication & Authorization
Authentication
To log in using the API, you must submit the API credentials supplied to you by Ibanera together with a one-time password (OTP). The login endpoint authenticates a user by validating their credentials and TOTP code, and returns an access token for subsequent API requests.
Refer to our guide on Generating a Time-Based One-Time Password (TOTP) with a Shared Secret.
Endpoint:
/api/v1/public/auth/login
Method:
POST
Request body parameters:
- Username: Login username
- Password: User password
- Otp: Time-based one-time password generated from the provided shared secret
Response:
- accessToken: Bearer access token used for authorization
- expiresIn: Access token expiry time in seconds
- refreshToken: Refresh token used to refresh an access token
- refreshTokenExpiresIn: Refresh token expiry time in seconds
Possible validation messages:
- Required: Required field is missing
- Username_Or_Password_Incorrect: Invalid credentials
- Account_Not_Verified: Account is not permitted to use the API
- Account_Locked: Account locked for 10 minutes after too many failed attempts
- Account_Suppressed: Account is currently inactive
POST /api/v1/public/auth/login HTTP/1.1
Host: fintech-phoenix-customer-api-v1.api.avamae.co.uk
Authorization: YOUR_API_KEY
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 54
{
  "username": "text",
  "password": "password",
  "otp": "text"
}
Response:
{
  "status": "text",
  "errors": [
    {
      "fieldName": "text",
      "messageCode": "text"
    }
  ],
  "id": 1,
  "details": {
    "accessToken": "text",
    "expiresIn": 1
  }
}
Request Body Parameters:
- username (String): The username of the user attempting to log in. Required.
- password (String): The password associated with the username. Required.
- otp (String): A time-based one-time password (TOTP) generated from the user's shared secret. Required.
Request Example:
{
  "username": "exampleUser",
  "password": "examplePass",
  "otp": "123456"
}
Response Body Parameters:
- id (Integer): A numerical identifier of the response, often representing the authenticated user's ID.
- details (Object):
  - accessToken (String): The bearer token provided upon successful authentication.
  - expiresIn (Integer): The number of seconds until the token expires.
Success Response Example:
{
  "id": 0,
  "details": {
    "accessToken": "eyJhbGciOiJIUzI1Ni...",
    "expiresIn": 3600
  },
  "status": "1",
  "errors": []
}
Authorization
API requests are authorized only if the request headers contain both the Authorization and otp fields.
- Authorization: Bearer {{accessToken}} (example: Bearer eyJhbGciOiJIUzI1Ni...)
- otp: TOTP using SHA-1, 6-digit output and a 30-second interval, based on the user's shared secret (example: 679008)
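The following is an added example, not code from Ibanera or this documentation. It generates the TOTP exactly as the Authorization section specifies (HMAC-SHA-1, 6 digits, 30-second step, per RFC 6238), assembles the login request documented above, parses the documented response shape (token details or the errors[] array with messageCode values), and builds the Authorization and otp headers every later call needs. The shared secret used here is the RFC 6238 reference secret in Base32 and the sample responses are constructed; the base URL, API key and account values are placeholders.

```python
import base64
import hashlib
import hmac
import json
import struct
import time
import urllib.request

# Constructed for this example: the RFC 6238 reference secret ("12345678901234567890")
# in Base32. A real deployment uses the shared secret Ibanera provisions for the account.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
LOGIN_PATH = "/api/v1/public/auth/login"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with the parameters this API requires: SHA-1, 6 digits, 30-second step."""
    cleaned = secret_b32.strip().upper()
    secret = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    now = int(time.time()) if at is None else int(at)
    return hotp(secret, now // step, digits)


def build_login_request(base_url: str, api_key: str, username: str, password: str,
                        secret_b32: str) -> urllib.request.Request:
    """Assemble POST /api/v1/public/auth/login with the headers shown on this page
    and a freshly generated TOTP in the JSON body."""
    body = json.dumps({"username": username, "password": password,
                       "otp": totp(secret_b32)}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=body,
        method="POST",
        headers={
            "Authorization": api_key,
            "Content-Type": "application/json-patch+json",
            "Accept": "*/*",
        },
    )


class LoginError(Exception):
    """Raised when the login response carries validation messages instead of a token."""


def error_codes(payload: dict) -> list:
    """Flatten the documented errors[] array into 'fieldName: messageCode' strings."""
    return [f"{e.get('fieldName')}: {e.get('messageCode')}" for e in payload.get("errors") or []]


def parse_login_response(payload: dict) -> dict:
    """Return the token details from a login response, or raise LoginError with the message codes."""
    codes = error_codes(payload)
    if codes or not payload.get("details"):
        raise LoginError("; ".join(codes) or "no details in response")
    details = payload["details"]
    return {"accessToken": details["accessToken"],
            "expiresIn": int(details["expiresIn"]),
            # Treat the token as stale slightly before the server does, to avoid racing the expiry.
            "expiresAt": time.time() + int(details["expiresIn"]) - 30}


def authorized_headers(access_token: str, secret_b32: str) -> dict:
    """Headers every later API call needs: the Bearer token plus a TOTP for the current 30-second window."""
    return {"Authorization": "Bearer " + access_token, "otp": totp(secret_b32)}


# Constructed sample responses in the shape documented on this page (the failure "status" value is assumed).
SAMPLE_SUCCESS = {"id": 0, "details": {"accessToken": "eyJhbGciOiJIUzI1Ni...", "expiresIn": 3600},
                  "status": "1", "errors": []}
SAMPLE_FAILURE = {"id": 0, "details": None, "status": "0",
                  "errors": [{"fieldName": "Password", "messageCode": "Username_Or_Password_Incorrect"}]}

if __name__ == "__main__":
    req = build_login_request("https://fintech-phoenix-customer-api-v1.api.avamae.co.uk",
                              "YOUR_API_KEY", "exampleUser", "examplePass", EXAMPLE_SECRET_B32)
    print(req.get_method(), req.full_url, json.loads(req.data))
    token = parse_login_response(SAMPLE_SUCCESS)
    print(authorized_headers(token["accessToken"], EXAMPLE_SECRET_B32))
    try:
        parse_login_response(SAMPLE_FAILURE)
    except LoginError as exc:
        print("login failed:", exc)
```

The otp header is regenerated for each call rather than cached, because a code is only valid for its 30-second window; a client that reuses the login-time code will start failing authorization as soon as the window rolls over. The hotp and totp functions can be checked against the RFC 4226 and RFC 6238 test vectors before the shared secret is ever sent anywhere.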