API Login
Last updated
Last updated
The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.
In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.
Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries or /commands. Get Webhook verification key is an example for one of these endpoints.
There are currently three available scopes in Vumi Finlink API sessions:
read
Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries endpoint
write
Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands endpoint, except for those that use a DELETE http verb
delete
Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands endpoint that use the DELETE http verb
Get a session token in the API for the given credentials. It lasts one hour
Client ID
Client Secret
"your-client-secret"Scopes that the session should have
["read","write","delete"]Successfully logged into the API
The JWT Token to use in API requests