Authentication
In order to access the API's endpoints, you need an access token provided via the FintechOS Identity Provider web app authentication API. The resources available via the API depend on the privileges your user account has in the system. If the user account is inactive, the request will not return an access token.
Each request generates a new token for the user account, but previous tokens are still functional until they expire. It is recommended to use an access token until it expires before generating a new one.
You can use the access token issued by the FintechOS Identity Provider web app to run API requests on either the Studio or Portal web service. The request for the token is:
POST {host_address}/ftosapi/authentication/keycloakToken
Content-Type: application/json
{
"userName": {user_name},
"password": {user_password}
}
Fill in the following parameters in the request:
| Parameter | Value |
| host_address | Root URL of your HPFI environment. |
| userName | HPFI user account name. |
| password | HPFI user account password. |
The response should have the following structure:
{
"accessToken": "eyJhb...qBJA",
"expiresIn": 0,
"refreshExpiresIn": 1800,
"refreshToken": "eyJhb...UfkEU",
"tokenType": "Bearer",
"notBeforePolicy": 0,
"sessionState": "4fdf3137-e3a1-4f11-b012-3fac66d45a8a",
"scope": "email profile"
}You can now use the "accessToken" value to authenticate your API requests.