Authentication & Authorization


In order to login using the API, you must submit your API credentials supplied to you by Ibanera, in addition to a one time password (otp). The login endpoint authenticates a user by validating their credentials and TOTP code, providing an access token for subsequent API requests.

Refer to our guide on Generating a Time-Based One-Time Password (TOTP) with a Shared Secret.

  • Endpoint: /api/v1/public/auth/login

  • Method: POST

Request Body Parameters:

  • username (String): The username of the user attempting to log in—required.

  • password (String): The password associated with the username—required.

  • otp (String): A time-based one-time password (TOTP) generated from the user's shared secret—required.

Request Example:

  "username": "exampleUser",
  "password": "examplePass",
  "otp": "123456"

Response Body Parameters:

  • id (Integer): A numerical identifier of the response, often representing the authenticated user’s ID.

  • details (Object):

    • accessToken (String): The bearer token provided upon successful authentication.

    • expiresIn (Integer): The number of seconds until the token expires.

Success Response Example:

  "id": 0,
  "details": {
    "accessToken": "eyJhbGciOiJIUzI1Ni...",
    "expiresIn": 3600
  "status": "1",
  "errors": []


API requests are authorized if the headers contains both the Authorization and otp fields.

Header KeyExpected ValueExample


Bearer {{accessToken}}

Bearer eyJhbGciOiJIUzI1Ni...


TOTP using:

  • SHA-1 hash

  • 6 digit output

  • 30 second interval based on the user’s shared secret.


Last updated