/auth_token (BETA)

Request or invalidate an Auth Token

Suggest Edits

As part of the authentication flow outlined in Authenticating with an Auth Token, this endpoint is called to request an access token which can be used to authorize subsequent requests. This access token will have an expiration time that is up to 8 hours in the future.

Refer to the Auth Token Management doc for more information on managing your /auth_token

Endpoint Authentication

When your client application was first created, the response contained two values of interest here:

  • client_id
  • client_secret

Authentication at this endpoint is accomplished using HTTP Basic Authentication , and uses your application's client_id and client_secret as the username and password component of the Authorization: Basic username:password string.

You can obtain your application's client_id and client_secret via the Sila Console.
Refer to the Register Your Application docs

Requesting an Auth Token

A POST request to this endpoint will request an Auth Token.

There is no benefit to repeatedly requesting an Auth Token

If you re-request a token for your client app while your current token has more than 30 minutes left before it expires, the API will return the same token from the previous request. Only when your token has less than 30 minutes left will a new token with a full 8-hour window be issued.

Auth Token re-use

📘

Caching the access token

Please refer to the sections relating to Token Caching and Usage of a cached access token in Authenticating with Auth Tokens - Caching an Auth Token.

Requests

The request header must implement HTTP Basic Authentication with an Authorization: Basic header, and the request "data header" must contain the app's auth_handle.

Building and encoding an HTTP Basic Authentication credentials string

Building
Construct the credentials string by concatenating the client_id, a single colon (:) character, and the client_secret.

Encoding
When the time comes to add the credentials string to the Basic auth header, you need to first encode with Base64 as a utf-8 value, then convert that value to an ASCII string.

Here's an example of how that is done in Python and Javascript:

const basicAuthString = 'Basic ' + Buffer.from(CLIENT_ID + ':' + CLIENT_SECRET).toString('base64');

>>> base64.b64encode(b'my_app_client_id:my_app_client_secret').decode('utf-8')
'bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA=='

POST /0.2/access_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True,
  "access_token": {
    "token": "<a 205-character string>",
    "expiration": 1611514008,
    "expiration_dt": "2021-01-24T18:46:48.788837Z"
  }
}
KeyData TypeRequired/OptionalDescription
headerJSON objectRequiredA container for request metadata
header.createdIntegerRequiredUnix epoch timestamp in seconds.
The date & time must not be future-dated and must not be dated more than 5 minutes in the past.
header.auth_handleStringRequiredMust be globally unique. Min length 3, max 100 (not including . silamoney.com portion, which can be optionally left off).
This value should match the required regex pattern: ^[-a-zA-Z0-9_.]+$ (not including .silamoney.com portion).
Examples: handle.silamoney.eth or handle.
header.versionStringOptionalMay be left out of request, but cannot be null if key is present.
Valid values: 0.2, v0.2, V0.2 Example: 0.2
header.referenceStringOptionalAny value for your own reference. Can be any string, uniqueness not required. May not be null. Example: 07e71ee7-4878-4424-862a-3113e83ae09b.

Responses

The response will contain a JWT access token, the token's expiration time in both epoch and human-friendly format, and a success boolean.

KeyData TypeDescription
successBooleanTrue for a successful response.
access_tokenJSON objectA container for access token data.
access_token.tokenStringA 205-character string.
access_token.expirationIntegerA Unix epoch timestamp in seconds. Can be up to 8 hours in the future.
access_token.expiration_dtStringA human-friendly representation of the expiration value, conforms to ISO 8601 for combined date and time values.
Example: 2021-01-24T19:12:08.454818Z

Invalidating an Auth Token

If you feel that your application's current and unexpired Auth Token has become compromised, you may immediately invalidate it by calling this endpoint with a DELETE method.

DELETE /0.2/access_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True
}

Requests

KeyData TypeRequired/OptionalDescription
headerJSON objectRequiredA container for request metadata
header.createdIntegerRequiredUnix epoch timestamp in seconds.
The date & time must not be future-dated and must not be dated more than 5 minutes in the past.
header.auth_handleStringRequiredMust be globally unique. Min length 3, max 100 (not including . silamoney.com portion, which can be optionally left off).
This value should match the required regex pattern: ^[-a-zA-Z0-9_.]+$ (not including .silamoney.com portion).
Examples: handle.silamoney.eth or handle.
header.versionStringOptionalMay be left out of request, but cannot be null if key is present.
Valid values: 0.2, v0.2, V0.2 Example: 0.2
header.referenceStringOptionalAny value for your own reference. Can be any string, uniqueness not required. May not be null. Example: 07e71ee7-4878-4424-862a-3113e83ae09b.

Responses

KeyData TypeDescription
successBooleanTrue for a successful response.

For Authentication failure responses refer to the Authenticating with an Auth Token docs.

Updated 26 days ago