V2 Gateway - Authentication & more details
To access Signzy APIs through the version 2 gateway, you need a username and a Password (API key). The API key acts as your password to the APIs. You must have an access token to make further API calls, which you can obtain by logging in either manually or programmatically using your credentials.
Signzy APIs follow the authentication guidelines defined by Swagger 2.0 specifications. Each API call should include an 'Authorization' header or 'access_token' query parameter for authentication.
Method | URL |
POST | |
POST | Production Credentials |
Input Parameters:
Parameter | Type | Required | Description |
username | string | Yes | Your Signzy API username |
password | string | Yes | Your Signzy API key (password) |
Output Parameters:
Parameter | Type | Description |
id | string | Your access token for accessing Signzy APIs. This needs to be added in the authorization header of the indivudial |
userId | string | your patronId that will be required to be passed in the URL Example /api/v2/patrons/<...patronId>/gstins |
ttl | number | The number of seconds for which the token is valid. |
created | string | The creation time of the token in ISO format. |
After obtaining an access token through the login API call, you can send further calls to different endpoints by passing the access token in the Authorization header or in the access_token query (GET) parameter.
It is advisable to send the Access Token in the header since query parameters can sometimes be saved in the log files, thereby exposing vulnerabilities until the access_token is deleted from sessions.
To log out, you need to call the logout route with the access token in the 'access_token' query parameter or as the 'Authorization' header.
Logout API:
Method | URL |
POST | Preproduction credentials |
POST | Production Credentials |
Input Parameters:
Parameter | Type | Required | Description |
access_token | string | Yes | Your access token obtained from the login API |
The response is a 204 status code with no content, indicating that the Access-token has been deleted.
Signzy APIs are secure and adhere to industry-standard security measures. All communication between the client and the Signzy APIs is encrypted with SSL/TLS. We recommend the following security practices:
- Do not send the API key/password to the client side and instead use a reverse proxy to call Signzy APIs.
- Delete access tokens after use and do not store them on the client side.
- Inform Signzy support immediately if you suspect that your Signzy API key/password has been compromised.