Investor Onboarding
Authentication
API Hostname & Server IPs

Product hosting information:

Protocol: https://
Preproduction hostname: investor-onboarding-preproduction.signzy.tech
Production hostname: investor-onboarding.signzy.tech
URL: as per each API endpoint

Authorizing your access

You have a username and an API key. The key also acts as your password to the APIs. You need an access token for making any further API calls, which you can receive by logging in manually or programmatically using these credentials.

Signzy APIs adhere to authentication defined by the Swagger 2.0 specifications. Each call to the APIs should include an 'Authorization' header or 'access_token' query parameter for authentication.

Logging in

To use Signzy APIs you first have to log in to the Signzy system, which is a simple REST API (HTTPS) call with JSON parameters username and password.

The following section lists the data to be input, the expected output, and the meaning of the fields in the JSON.

Input headers

| Property | Value |
|---|---|
| Content-Type | application/json |

Input request

    {
      "username": "enter your valid username",
      "password": "enter your valid password"
    }

Input to login request

POST request to /api/customers/login

Expected login response

    {
      "id": "<id>",
      "ttl": "<ttl>",
      "created": "<created>",
      "userid": "<userid>"
    }

| Property | Accepted values/format | Description |
|---|---|---|
| id | String | This is your access token, to be passed into other endpoints as the Authorization header |
| ttl | Integer | Time to live (TTL for the access token that is generated) |
| created | String | Time and date of creation of the access token |
| userid | String | ID of the customer, which is the onboarding product's client |

Sending authenticated requests

Once you have an access token from the login API call, you can send further calls to different endpoints by passing the access token in the Authorization header or in the access_token query (GET) parameter.

It is advisable to send the access token in the header, since query parameters are sometimes saved in log files, which leaves the token exposed until it is deleted from sessions.

Logging out

To log out you simply need to call the logout route with the access token in the 'access_token' query parameter or as the 'Authorization' header.

    POST /api/customers/logout?access_token=<access token to delete>
    // Response is 204 status code with no content, indicating the access token has been deleted

Security

Data transaction

We accept only secure HTTPS calls for all APIs, which adhere to a strong cipher suite defined using SHA-256 with RSA encryption. All transactional data are encrypted at the source and encryption is maintained throughout, so that there is no unauthorized access. The URLs expire in 30 seconds by default, unless explicitly specified in the inbound request in the ttl parameter.

Access tokens & API keys

Anybody with your API key/password, or an access token generated using them, can access all information you have created and also send requests on your behalf. Hence it is strongly recommended not to send the API key/password to the client side; instead, use a reverse proxy to call Signzy APIs.

You can disable any active access token by logging out.

Let us know as soon as possible if your Signzy password/API key is compromised, so that we can disable it, create new ones, and prevent any misuse of your data.

Getting help

Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better. You can reach out to us at help@signzy.com.
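The advice above about query parameters ending up in log files can be checked on your own reverse proxy or web server logs. The following is an added example, not Signzy code: it redacts the access_token query parameter from access-log lines and lists tokens that were logged but not seen being deleted by a 204 logout. The log format, the token values and the /api/example path are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample access-log lines (common log format). The token
# values and the /api/example path are made up for this illustration.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /api/customers/login HTTP/1.1" 200 182',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /api/example?access_token=TOKEN-AAA-111&page=2 HTTP/1.1" 200 951',
    '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /api/example?page=1&access_token=TOKEN-BBB-222 HTTP/1.1" 200 940',
    '10.0.0.7 - - [01/Jan/2024:10:05:00 +0000] "POST /api/customers/logout?access_token=TOKEN-BBB-222 HTTP/1.1" 204 0',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PARAM = "access_token"
LOGOUT_PATH = "/api/customers/logout"


def scrub_line(line):
    """Return (redacted line, tokens found in the query string, was a 204 logout)."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, [], False
    parts = urlsplit(match.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [value for key, value in pairs if key == PARAM and value]
    if not tokens:
        return line, [], False
    cleaned = [(k, "REDACTED" if k == PARAM else v) for k, v in pairs]
    target = urlunsplit(parts._replace(query=urlencode(cleaned)))
    start, end = match.span("target")
    revoked = parts.path == LOGOUT_PATH and match.group("status") == "204"
    return line[:start] + target + line[end:], tokens, revoked


def scrub_log(lines):
    """Redact all lines; return them plus tokens not seen being logged out."""
    redacted, exposed, revoked = [], set(), set()
    for line in lines:
        new_line, tokens, was_logout = scrub_line(line)
        redacted.append(new_line)
        (revoked if was_logout else exposed).update(tokens)
    return redacted, exposed - revoked


if __name__ == "__main__":
    clean_lines, pending = scrub_log(SAMPLE_LOG)
    print("\n".join(clean_lines))
    print("logged but not seen deleted:", sorted(pending))
```

Tokens in the returned set should be disabled through the logout route, with the token sent in the Authorization header so the cleanup does not write it to the logs again.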