Multi Channel - Distributors
Authentication
Authentication is done at the channel level. You can think of a channel as an extension of users: it accepts general details like email, password, and username, and also further details which describe the grants given to a particular channel. A channel may be created by another channel only.

Authorizing your access

Authentication is done at the channel level. A channel can be thought of as an extension of the user model, and authentication can be executed using a combination of username and password. The username and password are set by the channel creating another channel. A channel's username and password can be changed anytime using an older password.

You need to have an access token for making any further API calls, which you can receive by logging in manually or programmatically using these credentials. Signzy APIs adhere to authentication defined by Swagger 2.0 specifications. Each call to the APIs should include an "authorization" header or "access token" query parameter for authentication.

Logging into the API service requires a simple HTTP call. The following section mentions data to be input, expected output, and the meaning of fields.

URL: /api/channels/login
Hostname and protocol to be applied as described above.

Input data

    { "username": " ", "password": " " }

Two parameters are to be passed as JSON payload for logging in:

    username: string
    password: string

The userid returned by the login call is important and is also referred to as the channel ID. The channel ID will further be required to make onboarding API calls.

Expected output

    { "id": " ", "ttl": 0000, "created": " ", "userid": " " }

The following 4 properties are expected as output from the login API:

    id: string (this is the access token to be used in the requests below)
    ttl: int (the time, in number of seconds, for which the access token described above is valid)
    created: string (ISO timestamp of the creation date for this token)
    userid: string (the channel's user ID, the user which created this token)

Sending authenticated requests

Once you have an access token from the login API call, you can send further calls to different endpoints by passing the access token in the authorization header or in the access token query (GET) parameter. It is advisable to send the access token in the header, since query parameters are sometimes saved in log files, which leaves the token exposed until it is deleted from sessions.

Security

Anybody with your API key/password, or an access token generated using them, can access all information you have created and also send requests on your behalf. It is strongly recommended not to send the API key/password to the client side and instead to use a reverse proxy to call Signzy APIs. If you think an access token is compromised, you should delete it using logout. Let us know as soon as possible if your Signzy password/API key is compromised, so that we can disable it, create new ones, and prevent any misuse of your data.

Getting help

Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better. You can reach out to us at help@signzy.com.
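
The login and authenticated-request flow described above, sketched as a server-side session helper that keeps the credentials off the client, sends the token only in the header, and logs in again once the ttl has run out. This is an added example, not Signzy's own code. Assumptions: BASE_URL is a placeholder, the response keys are used as printed on this page, the header value is taken to be the bare token, and the endpoint in the demo is hypothetical.

```python
import json
import time
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: hostname is not given on this page

def http_post_json(url, payload, headers):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

class ChannelSession:
    """Logs in as a channel and sends the access token in the header only."""

    def __init__(self, username, password, post=http_post_json,
                 clock=time.time, skew=30):
        self._creds = {"username": username, "password": password}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at, self.channel_id = None, 0.0, None

    def login(self):
        issued = self._clock()
        body = self._post(BASE_URL + "/api/channels/login", self._creds, {})
        self._token = body["id"]          # "id" is the access token
        self.channel_id = body["userid"]  # key as printed on the page
        # ttl is in seconds; renew `skew` seconds early to avoid edge expiry
        self._expires_at = issued + body["ttl"] - self._skew

    def call(self, path, payload):
        """POST to `path`; the token never appears in the URL, so it stays out of access logs."""
        if self._token is None or self._clock() >= self._expires_at:
            self.login()
        # Assumption: the header value is the bare token from the login reply.
        return self._post(BASE_URL + path, payload,
                          {"Authorization": self._token})

if __name__ == "__main__":
    # Constructed stand-in for the service so the demo runs offline.
    def fake_post(url, payload, headers):
        if url.endswith("/api/channels/login"):
            return {"id": "constructed-token", "ttl": 3600,
                    "created": "2024-01-01T00:00:00.000Z",
                    "userid": "constructed-channel"}
        return {"sent_header": headers.get("Authorization"), "url": url}

    s = ChannelSession("demo-user", "demo-pass", post=fake_post)
    print(s.call("/api/hypothetical-endpoint", {}), s.channel_id)
```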