API Login
The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.
Session scopes
In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.
Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries
or /commands
. Get Webhook verification key is an example for one of these endpoints.
There are currently three available scopes in Vumi Finlink API sessions:
read
Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries
endpoint
write
Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands
endpoint, except for those that use a DELETE
http verb
delete
Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands
endpoint that use the DELETE
http verb
Last updated