VUMI Documentation
  • Introduction
    • 🎉Welcome!
    • ➡️Quick Start
  • Platform
    • App Overview
      • API Products
      • Connections Overview
      • API Configuration
    • Link Overview
      • Link redirects
      • Link parameters
      • Customization
  • General API Resources
    • Authentication
      • API Login
    • Entities
      • List entities for app
    • Connections
      • Exchange public token
      • Get Connection status
      • List all connections
      • List public tokens
      • Delete Connection
    • Investments
      • List investments
    • Webhook
      • Get verification key
  • Aggregation
    • Accounts
      • List accounts
      • List account transactions
    • Portfolios
      • List portfolios
      • List portfolio transactions
      • List portfolio positions
  • Assets Transfer
    • Assets transfer
  • Developer Resources
    • API and Widget Errors
    • Webhooks and security
      • Webhook verification
    • Pagination
    • Tracing requests
Powered by GitBook
On this page
  1. General API Resources
  2. Authentication

API Login

Last updated 10 months ago

The API login operation takes your credentials and desired (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.

Session scopes

In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.

There are currently three available scopes in Vumi Finlink API sessions:

Scope
Description

read

Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries endpoint

write

Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands endpoint, except for those that use a DELETE http verb

delete

Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands endpoint that use the DELETE http verb

Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries or /commands. is an example for one of these endpoints.

Get Webhook verification key
scopes
  • POSTAPI login
  • Session scopes

API login

post

Get a session token in the API for the given credentials. It lasts one hour

Authorizations
Body

Request body with the credentials to log into Vumi Finlink API

clientIdstring · uuidRequired

Client ID

clientSecretstringRequired

Client Secret

Example: your-client-secret
scopesstring[] | nullableOptional

Scopes that the session should have

Example: ["read","write","delete"]
Responses
post
POST /api/v1/auth/login HTTP/1.1
Host: api.finlink.vumi.io
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 122

{
  "clientId": "123e4567-e89b-12d3-a456-426614174000",
  "clientSecret": "your-client-secret",
  "scopes": [
    "read",
    "write",
    "delete"
  ]
}
{
  "token": "text"
}