Authentication API

Returns an access token used to access all other endpoints. The API is independent of the authentication method used (platform credentials or FintechOS Identity Provider).

If the user account is inactive, the request will not return an access token.

Each request generates a new token for the user account, but previous tokens are still functional until they expire. It is recommended to use an access token until it expires before generating a new one.

In the Swagger interface, the endpoint is displayed at the beginning of each of the lists of Entity APIs, Endpoint APIs, Digital Journey APIs, and MassOperations API.

Once you retrieve the access token, use the Authorize button in the Swagger interface to provide the token and gain access to all endpoints in one step.

Syntax

Copy

POST <host_address>/ftosapi/authentication/keycloakToken
{
  "userName": "user",
  "password": "pass"
}

Parameter	Description
`userName`	User name for an account with access to the HPFI.
`password`	Password of the above user account.

Response

Copy

{
  "accessToken": "eyJhbGciOiJSUz...",
  "expiresIn": 0,
  "refreshExpiresIn": 900,
  "refreshToken": "eyJhbGciOiJIUz...",
  "tokenType": "Bearer",
  "notBeforePolicy": 1642749169,
  "sessionState": "dceb9019-b354-4a5c-a777-c1153c674a71",
  "scope": "profile email"
}

Parameter	Description
`accessToken`	Access token required used to authenticate when sending API requests.
`refreshExpiresIn`	Number of seconds the token is valid since it was generated.