API Login

The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.

Get a session token in the API for the given credentials. It lasts one hour

POSThttps://api.finlink.vumi.io/api/v1/auth/login

Body

clientId*string (uuid)

Client ID

clientSecret*string

Client Secret

Example: "your-client-secret"

scopesnullable array of nullable string

Scopes that the session should have

Response

Successfully logged into the API

Body

tokenstring

The JWT Token to use in API requests

Request

const response = await fetch('https://api.finlink.vumi.io/api/v1/auth/login', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "clientId": "123e4567-e89b-12d3-a456-426614174000",
      "clientSecret": "your-client-secret"
    }),
});
const data = await response.json();

Response

{
  "token": "text"
}

Session scopes

In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.

Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries or /commands. Get Webhook verification key is an example for one of these endpoints.

There are currently three available scopes in Vumi Finlink API sessions:

Scope Description

Scope	Description
read	Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the `/api/v1/queries` endpoint
write	Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the `/api/v1/commands` endpoint, except for those that use a `DELETE` http verb
delete	Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the `/api/v1/commands` endpoint that use the `DELETE` http verb

read

Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries endpoint

write

Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands endpoint, except for those that use a DELETE http verb

delete

Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands endpoint that use the DELETE http verb

Last updated 3 months ago