API Login

The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.

Session scopes

In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.

Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries or /commands. Get Webhook verification key is an example for one of these endpoints.

There are currently three available scopes in Vumi Finlink API sessions:

ScopeDescription

read

Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries endpoint

write

Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands endpoint, except for those that use a DELETE http verb

delete

Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands endpoint that use the DELETE http verb

Last updated