Multi Channel - Distributors

Authentication


The authentication is done at the channel level. You can think of the channel as an extension of users. It accepts general details like email, password, and username and also further details which describe the grants given to a particular channel.

A channel may be created by another channel only.

Authorizing Your Access

Authentication is done at the channel level. A channel can be thought of as an extension of the user model and authentication can be executed using a combination of username and password. The username and password are set by the channel creating another channel. A channel’s username and password can be changed anytime using an older password.

You need to have an access token for making any further API calls, which you can receive by logging in manually or programmatically using these credentials.

Signzy APIs adhere to authentication defined by Swagger 2.0 specifications. Each call to the APIs should include an 'Authorization' header or 'access_token' query parameter for authentication.

Logging into the API service requires a simple HTTP call. The following section mentions data to be input, expected output, and the meaning of fields.

URL: /api/channels/login

Hostname and protocol to be applied as described above.

Input Data


Two parameters are to be passed as JSON payload for logging in

  1. username -> String
  2. password -> String

The userId returned by the login call is important and is also referred to as the channel ID. The channel ID will be required later to make onboarding API calls.

Expected Output


The following 4 properties are expected as output from the Login API

  1. id -> String (This is the access token to be used in the below requests.)
  2. ttl -> Int (The time, in seconds, for which the access token described above is valid.)
  3. created -> String (ISO timestamp of creation date for this token.)
  4. userId -> String (Channel’s user ID, the user which created this token.)

Sending Authenticated Requests

Once you have an access token from the login API call, you can send further calls to different endpoints by passing the access token in the Authorization header or in the access_token query (GET) parameter.

It is advisable to send the access token in the header, since query parameters are sometimes saved in log files, which leaves the token exposed until the access_token is deleted from sessions.
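The login and header-based flow described above, as an added Python example that is not Signzy's own code: it keeps the credentials and token on the server side, derives the expiry from created and ttl, and sends the token only in the Authorization header. BASE_URL is a placeholder, the ChannelSession class and its transport and skew parameters are hypothetical, and sending the token as a bare header value is an assumption.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

BASE_URL = "https://signzy.example.invalid"  # placeholder: real host is not on this page


def http_post_json(url, payload):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ChannelSession:
    """Holds channel credentials and the access token server-side only."""

    def __init__(self, username, password, transport=http_post_json, skew=30):
        self._creds = {"username": username, "password": password}
        self._transport = transport            # injectable for offline testing
        self._skew = timedelta(seconds=skew)   # re-login slightly before expiry
        self.token = self.channel_id = self.expires_at = None

    def login(self):
        reply = self._transport(BASE_URL + "/api/channels/login", self._creds)
        created = datetime.fromisoformat(reply["created"].replace("Z", "+00:00"))
        if created.tzinfo is None:             # assumption: naive timestamps are UTC
            created = created.replace(tzinfo=timezone.utc)
        self.expires_at = created + timedelta(seconds=int(reply["ttl"]))
        self.token, self.channel_id = reply["id"], reply["userId"]

    def is_valid(self, now=None):
        now = now or datetime.now(timezone.utc)
        return self.token is not None and now < self.expires_at - self._skew

    def auth_headers(self, now=None):
        """Headers for the next call; logs in again if the token has lapsed."""
        if not self.is_valid(now):
            self.login()
        # Header, not the access_token query parameter, so the token stays
        # out of URL logs. Assumption: bare token value, no scheme prefix.
        return {"Authorization": self.token}
```
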

Security

Anybody with your API key/password or an Access Token generated using them can access all information you have created and also send requests on your behalf. It is strongly recommended not to send the API key/password to the client side and instead to use a reverse proxy to call Signzy APIs.

In case you think an access token is compromised, you should delete it using logout. Let us know as soon as possible if your Signzy password/API key is compromised so that we can disable it, create new ones, and prevent any misuse of your data.

Getting help

Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better.

You can reach out to us at [email protected].