/auth_token (BETA)
Request or invalidate an Auth Token
As part of the authentication flow outlined in Authenticating with an Auth Token, this endpoint is called to request an access token which can be used to authorize subsequent requests. This access token will have an expiration time that is up to 8 hours in the future.
Refer to the Auth Token Management doc for more information on managing your
/auth_token
Endpoint Authentication
When your client application was first created, the response contained two values of interest here:
client_id
client_secret
Authentication at this endpoint is accomplished using HTTP Basic Authentication, and uses your application's client_id and client_secret as the username and password components of the Authorization: Basic username:password string.
You can obtain your application's client_id and client_secret via the Sila Console.
Refer to the Register Your Application docs
Requesting an Auth Token
A POST request to this endpoint will request an Auth Token.
There is no benefit to repeatedly requesting an Auth Token
If you re-request a token for your client app while your current token has more than 30 minutes left before it expires, the API will return the same token from the previous request. Only when your token has less than 30 minutes left will a new token with a full 8-hour window be issued.
Auth Token re-use
Caching the access token
Please refer to the sections relating to Token Caching and Usage of a cached access token in Authenticating with Auth Tokens - Caching an Auth Token.
Requests
The request header must implement HTTP Basic Authentication with an Authorization: Basic header, and the request "data header" must contain the app's auth_handle.
Building and encoding an HTTP Basic Authentication credentials string
Building
Construct the credentials string by concatenating the client_id, a single colon (:) character, and the client_secret.
Encoding
When the time comes to add the credentials string to the Basic auth header, you first need to Base64-encode it as a utf-8 value, then convert the result to an ASCII string.
Here's an example of how that is done in Python and JavaScript:
JavaScript (Node.js):
const basicAuthString = 'Basic ' + Buffer.from(CLIENT_ID + ':' + CLIENT_SECRET).toString('base64');
Python:
>>> import base64
>>> base64.b64encode(b'my_app_client_id:my_app_client_secret').decode('utf-8')
'bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA=='
POST /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA==
Content-Type: application/json

{
  "header": {
    "created": 1234567890,
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2",
    "reference": "<your unique id>"
  }
}
***
HTTP/1.1 200 OK

{
  "success": true,
  "access_token": {
    "token": "<a 205-character string>",
    "expiration": 1611514008,
    "expiration_dt": "2021-01-24T18:46:48.788837Z"
  }
}
Key | Data Type | Required/Optional | Description |
---|---|---|---|
header | JSON object | Required | A container for request metadata |
header.created | Integer | Required | Unix epoch timestamp in seconds. The date & time must not be future-dated and must not be dated more than 5 minutes in the past. |
header.auth_handle | String | Required | Must be globally unique. Min length 3, max 100 (not including .silamoney.com portion, which can be optionally left off). This value should match the required regex pattern: ^", "h-2": +$ (not including .silamoney.com portion). Examples: handle.silamoney.eth or handle. |
header.version | String | Optional | May be left out of request, but cannot be null if key is present. Valid values: 0.2, v0.2, V0.2. Example: 0.2 |
header.reference | String | Optional | Any value for your own reference. Can be any string, uniqueness not required. May not be null. Example: 07e71ee7-4878-4424-862a-3113e83ae09b. |
Responses
The response will contain a JWT access token, the token's expiration time in both epoch and human-friendly format, and a success boolean.
Key | Data Type | Description |
---|---|---|
success | Boolean | True for a successful response. |
access_token | JSON object | A container for access token data. |
access_token.token | String | A 205-character string. |
access_token.expiration | Integer | A Unix epoch timestamp in seconds. Can be up to 8 hours in the future. |
access_token.expiration_dt | String | A human-friendly representation of the expiration value, conforms to ISO 8601 for combined date and time values. Example: 2021-01-24T19:12:08.454818Z |
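
The request construction and the 30-minute re-use rule described above, as an added example (not code from the Sila docs or SDKs). TokenCache, build_token_request and SAMPLE_RESPONSE are hypothetical names with constructed data; nothing is sent over the network.

```python
import base64
import json
import time

REFRESH_WINDOW = 30 * 60  # page: a new token is issued only with < 30 min left

# Constructed sample shaped like the page's example response (not real data).
SAMPLE_RESPONSE = {"success": True, "access_token": {
    "token": "x" * 205, "expiration": 1611514008}}


def basic_auth_header(client_id, client_secret):
    """Join id and secret with one colon, then Base64-encode the UTF-8 bytes."""
    if ":" in client_id:  # RFC 7617: the user-id part cannot contain a colon
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, auth_handle, now=None):
    """Return (headers, JSON body) for POST /0.2/auth_token; nothing is sent."""
    created = int(time.time() if now is None else now)
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/json"}
    body = {"header": {"created": created, "auth_handle": auth_handle,
                       "version": "0.2"}}
    return headers, json.dumps(body)


class TokenCache:
    """Hypothetical helper: keeps one token and says when to re-request."""

    def __init__(self):
        self._token, self._expiration = None, 0

    def store(self, response):
        if response.get("success") is not True:
            raise ValueError("token request was not successful")
        access = response["access_token"]
        self._token, self._expiration = access["token"], int(access["expiration"])

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self._token is None or self._expiration - now < REFRESH_WINDOW

    def token(self, now=None):
        """Return the cached token, or None once it has expired."""
        now = time.time() if now is None else now
        return self._token if now < self._expiration else None
```

Call needs_refresh() before each request and POST to /auth_token only when it returns True; an earlier call returns the same token and gains nothing.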
Invalidating an Auth Token
If you feel that your application's current and unexpired Auth Token has become compromised, you may immediately invalidate it by calling this endpoint with a DELETE method.
DELETE /0.2/auth_token HTTP/1.1
Host: sandbox.silamoney.com
Authorization: Basic bXlfYXBwX2NsaWVudF9pZDpteV9hcHBfY2xpZW50X3NlY3JldA==
Content-Type: application/json

{
  "header": {
    "created": 1234567890,
    "auth_handle": "handle.silamoney.eth",
    "version": "0.2",
    "reference": "<your unique id>"
  }
}
***
HTTP/1.1 200 OK

{
  "success": true
}
Requests
Key | Data Type | Required/Optional | Description |
---|---|---|---|
header | JSON object | Required | A container for request metadata |
header.created | Integer | Required | Unix epoch timestamp in seconds. The date & time must not be future-dated and must not be dated more than 5 minutes in the past. |
header.auth_handle | String | Required | Must be globally unique. Min length 3, max 100 (not including .silamoney.com portion, which can be optionally left off). This value should match the required regex pattern: ^", "h-2": +$ (not including .silamoney.com portion). Examples: handle.silamoney.eth or handle. |
header.version | String | Optional | May be left out of request, but cannot be null if key is present. Valid values: 0.2, v0.2, V0.2. Example: 0.2 |
header.reference | String | Optional | Any value for your own reference. Can be any string, uniqueness not required. May not be null. Example: 07e71ee7-4878-4424-862a-3113e83ae09b. |
Responses
Key | Data Type | Description |
---|---|---|
success | Boolean | True for a successful response. |
For Authentication failure responses refer to the Authenticating with an Auth Token docs.