Authentication & Authorization

Authentication

In order to login using the API, you must submit your API credentials supplied to you by Ibanera, in addition to a one time password (otp). The login endpoint authenticates a user by validating their credentials and TOTP code, providing an access token for subsequent API requests.

• Endpoint: /api/v1/public/auth/login

• Method: POST

Request Body Parameters:

• username (String): The username of the user attempting to log in—required.

• password (String): The password associated with the username—required.

• otp (String): A time-based one-time password (TOTP) generated from the user's shared secret—required.

Request Example:

{
  "username": "exampleUser",
  "password": "examplePass",
  "otp": "123456"
}

Response Body Parameters:

• id (Integer): A numerical identifier of the response, often representing the authenticated user’s ID.

• details (Object):

  • accessToken (String): The bearer token provided upon successful authentication.

  • expiresIn (Integer): The number of seconds until the token expires.

Success Response Example:

{
  "id": 0,
  "details": {
    "accessToken": "eyJhbGciOiJIUzI1Ni...",
    "expiresIn": 3600
  },
  "status": "1",
  "errors": []
}

Authorization

API requests are authorized if the headers contains both the Authorization and otp fields.