Authentication & Authorization
Authentication
In order to login using the API, you must submit your API credentials supplied to you by Ibanera, in addition to a one time password (otp
). The login endpoint authenticates a user by validating their credentials and TOTP code, providing an access token for subsequent API requests.
Refer to our guide on Generating a Time-Based One-Time Password (TOTP) with a Shared Secret.
Endpoint:
/api/v1/public/auth/login
Method:
POST
Request Body Parameters:
username
(String): The username of the user attempting to log in—required.password
(String): The password associated with the username—required.otp
(String): A time-based one-time password (TOTP) generated from the user's shared secret—required.
Request Example:
Response Body Parameters:
id
(Integer): A numerical identifier of the response, often representing the authenticated user’s ID.details
(Object):accessToken
(String): The bearer token provided upon successful authentication.expiresIn
(Integer): The number of seconds until the token expires.
Success Response Example:
Authorization
API requests are authorized if the headers contains both the Authorization
and otp
fields.
Authorization
Bearer {{accessToken}}
Bearer eyJhbGciOiJIUzI1Ni...
otp
TOTP using:
SHA-1 hash
6 digit output
30 second interval based on the user’s shared secret.
679008
Last updated