API Login

The API login operation takes your credentials and desired scopes (if you leave them blank, all scopes will be associated to the session) and returns a session JWT token that lasts for one hour.

API login

post

Get a session token in the API for the given credentials. It lasts one hour

Authorizations
Body

Request body with the credentials to log into Vumi Finlink API

clientIdstring · uuidRequired

Client ID

clientSecretstringRequired

Client Secret

Example: your-client-secret
scopesstring[] | nullableOptional

Scopes that the session should have

Example: ["read","write","delete"]
Responses
200
Successfully logged into the API
application/json
post
POST /api/v1/auth/login HTTP/1.1
Host: api.finlink.vumi.io
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 122

{
  "clientId": "123e4567-e89b-12d3-a456-426614174000",
  "clientSecret": "your-client-secret",
  "scopes": [
    "read",
    "write",
    "delete"
  ]
}
{
  "token": "text"
}

Session scopes

In Vumi Finlink API you can limit session scopes. If you leave them blank or null when starting a session, all scopes will be associated to the given session. We recommend following the "principle of least privilege", meaning that if you are certain a session will only be used for a specific purpose, don't assign it unnecessary scopes just in case your token gets compromised.

Some endpoints in our API can be called with a session without any specific scope needed. These endpoints are simple to identify, since they're not under neither /queries or /commands. Get Webhook verification key is an example for one of these endpoints.

There are currently three available scopes in Vumi Finlink API sessions:

Scope
Description

read

Scope associated with all read operations in the Vumi Finlink API. Read operations are those under the /api/v1/queries endpoint

write

Scope associated with all write operations in the Vumi Finlink API. Write operations are those under the /api/v1/commands endpoint, except for those that use a DELETE http verb

delete

Scope associated with all delete operations in the Vumi Finlink API. Delete operations are those under the /api/v1/commands endpoint that use the DELETE http verb

Last updated