/auth_token

Request or invalidate an Auth token

🚧

Required auth method

Newly onboarding customers are required to implement the OAuth2 method for authentication. Please disregard ECDSA references.

Migrating from ECDSA to OAuth2 implementation guide here.

Call this endpoint to request an auth token which can be used to authorize subsequent API requests. This token has an 8-hour expiry window.

You can also call this endpoint to invalidate auth tokens.

Refer to the JWT Overview doc for more information on JWT and the auth token object your /auth_token

Requesting an Auth Token Requirements

HTTP Basic Authentication username and password

Since the JWT method utilizes HTTP Basic Authentication, you'll need an Authorization: Basic username:password string.

Use your client_id for the username and client_secret for the password.

You received the client_id and client_secret when you first created your app. Look for the file you downloaded after clicking "Download Keys" during app creation

Building and encoding an HTTP Basic Authentication credentials string

You'll use this credentials string in the Authorization header of all API calls made, including /auth_token.

Building
Construct the credentials string by concatenating the client_id, a single colon (:) character, and the client_secret.

Encoding
When the time comes to add the credentials string to the Basic auth header, you need to first encode with Base64 as a utf-8 value, then convert that value to an ASCII string.

Here's an example of how that is done in JavaScript and Python:

const basicAuthString = 'Basic ' + Buffer.from(CLIENT_ID + ':' + CLIENT_SECRET).toString('base64');
>>> base64.b64encode(b'my_app_client_id:my_app_client_secret').decode('utf-8')
'bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA=='

Request

POST /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "app_handle": "your_app_handle",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True,
  "access_token": {
    "token": "<a 205-character string>",
    "expiration": 1611514008,
    "expiration_dt": "2021-01-24T18:46:48.788837Z"
  }
}

Request Attributes

KeyData TypeDescription
headerJSON objectRequired.

Required keys:

created - Unix epoch timestamp in seconds. Must not be future-dated and must not be dated more than 5 minutes in the past.
app_handle - your app handle

Optional keys:

reference: Can be any value for your own reference. If not provided, one will be assigned. Example: 07e71ee7-4878-4424-862a-3113e83ae09b
version: Cannot be null if key is present. Valid values: 0.2, v0.2, V0.2

Responses

The response will contain a JWT access token, the token's expiration time in both epoch and human-friendly format, and a success boolean.

KeyData TypeDescription
successBooleanTrue for a successful response.
access_tokenJSON objectA container for access token data.
access_token.tokenStringA 205-character string.
access_token.expirationIntegerA Unix epoch timestamp in seconds. Can be up to 8 hours in the future.
access_token.expiration_dtStringA human-friendly representation of the expiration value, conforms to ISO 8601 for combined date and time values.
Example: 2021-01-24T19:12:08.454818Z

Invalidating an Auth Token

If you feel that your application's current and unexpired Auth token has become compromised, you may immediately invalidate it by calling this endpoint with a DELETE method.

Request

DELETE /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True
}

Request Attributes

KeyData TypeDescription
headerJSON objectRequired.

Required keys:

created - Unix epoch timestamp in seconds. Must not be future-dated and must not be dated more than 5 minutes in the past.
app_handle - your app handle
user_handle - the user_handle to go through KYC

Optional keys:

reference: Can be any value for your own reference. If not provided, one will be assigned.
version: Cannot be null if key is present. Valid values: 0.2, v0.2, V0.2

Responses

KeyData TypeDescription
successBooleanTrue for a successful response.