API Login
The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.
Get a session token in the API for the given credentials. It lasts one hour
Request body with the credentials to log into Vumi Finlink API
Client ID
Client Secret
your-client-secret
Scopes that the session should have
["read","write","delete"]
POST /api/v1/auth/login HTTP/1.1
Host: api.finlink.vumi.io
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 122
{
"clientId": "123e4567-e89b-12d3-a456-426614174000",
"clientSecret": "your-client-secret",
"scopes": [
"read",
"write",
"delete"
]
}
{
"token": "text"
}
Session scopes
In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.
There are currently three available scopes in Vumi Finlink API sessions:
read
Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries
endpoint
write
Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands
endpoint, except for those that use a DELETE
http verb
delete
Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands
endpoint that use the DELETE
http verb
Last updated