Authenticate and authorize all API calls
To secure your applicaiton, you with need to authenticate and authorize all your API calls. To do this take the following steps
To begin, you’ll need to acquire your appKey and appPassword. You can find these credentials under the “Applications” menu in the portal.
When making API calls using the Xente API, there must be a user with the necessary permissions delegated to carry out these transactions. You can select the user to delegate to under the “Applications” menu, specifically the “Auth Users” section.
With your appKey, appPassword, and a delegated userId, you are ready to authenticate your application. Use the code snippet below to do so:
If you authenticate successfully, you will get a response JSON with the following parameters.
Key | Type | Description |
---|---|---|
Token | string | Authentication token that you will use to authenticate subsquent API calls |
refreshToken | string | The refresh token is used to refresh session without requiring new user login |
success | boolean | Status of authentication request |
message | string | A description of status |
Important information on the Token
- The lifetime of the token is 60 minutes. Once it expires, use the refresh token to obtain another one or have the user log in again.
- The token will only be exposed once. Safely store it in the cache for the duration of its lifetime
After successfully authenticating your application and user and obtaining a valid token, you can use it for authorization as demonstrated below.