Authentication
Protocol: https://
Preproduction-Hostname: investor-onboarding-preproduction.signzy.tech
Production-Hostname: investor-onboarding.signzy.tech
URL: As per each API endpoint
You have a username and an API key. The key also acts as your password to the APIs. You need to have an access token for making any further API calls, which you can receive by logging in manually or programmatically using these credentials.
Signzy APIs adhere to authentication defined by Swagger 2.0 specifications. Each call to the APIs should include an 'Authorization' header or 'access_token' query parameter for authentication.
To use Signzy APIs, you first have to log in to the Signzy system, which is a simple REST API (HTTPS) call with username and password as JSON parameters. The following section lists the input data, the expected output, and the meaning of the fields in the JSON.
Property | Value |
---|---|
Content-type | application/json |
POST request to:: /api/customers/login
Property | Accepted Values/Format | Description |
---|---|---|
id | String | This is your access token to be passed into other endpoints as Authorization header |
ttl | Integer | Time to live (TTL) for the access token that is generated |
created | String | Time and Date of creation of access-token |
userId | String | ID of the customer which is the onboarding product's client |
Once you have an access token from the login API call, you can send further calls to different endpoints by passing the access token in the Authorization header or in the access_token query (GET) parameter.
It is advisable to send the access token in the header, since query parameters are sometimes saved in log files, which leaves the token exposed until the access_token is deleted from sessions.
To log out you simply need to call the logout route with the access token in the 'access_token' query parameter or as the 'Authorization' header.
POST:: /api/customers/logout?access_token=:access-token-to-delete
// Response is 204 status code with no content, indicating the Access-token has been deleted.
We accept only secure HTTPS calls for all APIs, which adhere to a strong cipher suite defined using SHA-256 with RSA Encryption. All transactional data are encrypted at the source and encryption is maintained throughout, so that there is no unauthorized access.
The URLs expire in 30 seconds by default, unless explicitly specified in the inbound request in the TTL parameter.
Anybody with your API key/password, or an access token generated using them, can access all information you have created and also send requests on your behalf. Hence it is strongly recommended not to send the API key/password to the client side. Instead, use a reverse proxy to call Signzy APIs.
You can disable any active access_token by logging out. Let us know if your Signzy Password/API key is compromised as soon as possible so that we can disable & create new ones and prevent any misuse of your data.
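The flow described above (log in, send the token in the Authorization header rather than the query string, log out), as an added example that is not Signzy's own client code. The `SignzySession` class, the injectable `send` transport and the 2xx check on login are assumptions for illustration; the paths, JSON field names and preproduction hostname are taken from this page.

```python
import json
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit

# Preproduction host from this page; use the production host when going live.
BASE = "https://investor-onboarding-preproduction.signzy.tech"

def _urlopen(req):
    """Default transport: returns (status, body bytes)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()

class SignzySession:
    """Hypothetical server-side helper: API key and token stay off the client."""
    def __init__(self, username, api_key, send=_urlopen):
        self._creds = {"username": username, "password": api_key}
        self._send = send  # injectable so the flow can be exercised offline
        self.token = None

    def _build(self, method, path, payload=None):
        parts = urlsplit(path)
        # Drop any access_token from the query so it cannot end up in log files.
        query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                 if k != "access_token"]
        url = BASE + parts.path + ("?" + urlencode(query) if query else "")
        headers = {"Content-Type": "application/json"}
        if self.token:
            headers["Authorization"] = self.token  # the login 'id', sent as a header
        data = json.dumps(payload).encode() if payload is not None else None
        return urllib.request.Request(url, data=data, headers=headers, method=method)

    def login(self):
        self.token = None  # never send a stale token with the credentials
        status, body = self._send(self._build("POST", "/api/customers/login", self._creds))
        if not 200 <= status < 300:  # assumed success range; the page gives none
            raise RuntimeError(f"login failed with HTTP {status}")
        self.token = json.loads(body)["id"]  # 'id' is the access token

    def call(self, method, path, payload=None):
        if not self.token:
            self.login()
        return self._send(self._build(method, path, payload))

    def logout(self):
        if not self.token:
            return None
        status, _ = self._send(self._build("POST", "/api/customers/logout"))
        if status == 204:  # 204 means the access token was deleted
            self.token = None
        return status
```
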
Getting help
Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better.
You can reach out to us at [email protected].