As part of the authentication flow outlined in Authenticating with an Auth Token, this endpoint is called to request an access token which can be used to authorize subsequent requests. This access token will have an expiration time that is up to 8 hours in the future.

Refer to the Auth Token Management doc for more information on managing your /auth_token

Endpoint Authentication

When your client application was first created, the response contained two values of interest here:

client_id
client_secret

Authentication at this endpoint is accomplished using HTTP Basic Authentication , and uses your application's client_id and client_secret as the username and password component of the Authorization: Basic username:password string.

You can obtain your application's client_id and client_secret via the Sila Console.
Refer to the Register Your Application docs

Requesting an Auth Token

A POST request to this endpoint will request an Auth Token.

There is no benefit to repeatedly requesting an Auth Token

If you re-request a token for your client app while your current token has more than 30 minutes left before it expires, the API will return the same token from the previous request. Only when your token has less than 30 minutes left will a new token with a full 8-hour window be issued.

Auth Token re-use

📘
Caching the access token
Please refer to the sections relating to Token Caching and Usage of a cached access token in Authenticating with Auth Tokens - Caching an Auth Token.

Requests

The request header must implement HTTP Basic Authentication with an Authorization: Basic header, and the request "data header" must contain the app's auth_handle.

Building and encoding an HTTP Basic Authentication credentials string

Building
Construct the credentials string by concatenating the client_id, a single colon (:) character, and the client_secret.

Encoding
When the time comes to add the credentials string to the Basic auth header, you need to first encode with Base64 as a utf-8 value, then convert that value to an ASCII string.

Here's an example of how that is done in Python and Javascript:

const basicAuthString = 'Basic ' + Buffer.from(CLIENT_ID + ':' + CLIENT_SECRET).toString('base64');

>>> base64.b64encode(b'my_app_client_id:my_app_client_secret').decode('utf-8')
'bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA=='

POST /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True,
  "access_token": {
    "token": "<a 205-character string>",
    "expiration": 1611514008,
    "expiration_dt": "2021-01-24T18:46:48.788837Z"
  }
}

Key	Data Type	Required/Optional	Description
header	JSON object	Required	A container for request metadata
header.created	Integer	Required	Unix epoch timestamp in seconds. The date & time must not be future-dated and must not be dated more than 5 minutes in the past.
header.auth_handle	String	Required	Must be globally unique. Min length 3, max 100 (not including . silamoney.com portion, which can be optionally left off). This value should match the required regex pattern: ^", "h-2": +$ (not including .silamoney.com portion). Examples: handle.silamoney.eth or handle.
header.version	String	Optional	May be left out of request, but cannot be `null` if key is present. Valid values: 0.2, v0.2, V0.2 Example: 0.2
header.reference	String	Optional	Any value for your own reference. Can be any string, uniqueness not required. May not be null. Example: `07e71ee7-4878-4424-862a-3113e83ae09b`.

Responses

The response will contain a JWT access token, the token's expiration time in both epoch and human-friendly format, and a success boolean.

Key	Data Type	Description
`success`	Boolean	`True` for a successful response.
`access_token`	JSON object	A container for access token data.
`access_token.token`	String	A 205-character string.
`access_token.expiration`	Integer	A Unix epoch timestamp in seconds. Can be up to 8 hours in the future.
`access_token.expiration_dt`	String	A human-friendly representation of the `expiration` value, conforms to ISO 8601 for combined date and time values. Example: `2021-01-24T19:12:08.454818Z`

Invalidating an Auth Token

If you feel that your application's current and unexpired Auth Token has become compromised, you may immediately invalidate it by calling this endpoint with a DELETE method.

DELETE /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA== 
Content-Type: application/json

{
  "header": {
    "created": 1234567890, 
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2", 
    "reference": "<your unique id>"
    
  }
}

***

HTTP/1.1 200 OK

{
  "success": True
}

Requests

Key	Data Type	Required/Optional	Description
header	JSON object	Required	A container for request metadata
header.created	Integer	Required	Unix epoch timestamp in seconds. The date & time must not be future-dated and must not be dated more than 5 minutes in the past.
header.auth_handle	String	Required	Must be globally unique. Min length 3, max 100 (not including . silamoney.com portion, which can be optionally left off). This value should match the required regex pattern: ^", "h-2": +$ (not including .silamoney.com portion). Examples: handle.silamoney.eth or handle.
header.version	String	Optional	May be left out of request, but cannot be `null` if key is present. Valid values: 0.2, v0.2, V0.2 Example: 0.2
header.reference	String	Optional	Any value for your own reference. Can be any string, uniqueness not required. May not be null. Example: `07e71ee7-4878-4424-862a-3113e83ae09b`.

Responses

Key	Data Type	Description
`success`	Boolean	`True` for a successful response.

For Authentication failure responses refer to the Authenticating with an Auth Token docs.