Authentication

How can customers authenticate to our API?

Our platform uses a multi-tenancy structure where all API access requires both authentication and authorization. This ensures secure, traceable access to your tokenization operations.

OAuth provider

We use Firebase by Google for our OAuth service. You can work with their APIs directly or use their SDK for easier integration.

Onboarding process

During onboarding, we provide you with:

  • An admin user who can create additional users tailored to your integration needs

  • An API key to communicate with Firebase

Since our system maintains comprehensive audit trails, we recommend creating granular user accounts to clearly track which person or system performed each action.

Authentication methods

Users can authenticate using one of two methods: email or api_key (see Users and Roles for more details on user management).

  • Email authentication: Best when you don't have your own user management system or when users need to access our dashboards and UIs in addition to the API. We provision an initial password through Firebase, which handles the login process for our interfaces and can serve as the authentication provider for custom UIs you build.

  • API key: Ideal when you manage user authentication in your own systems or need API access for technical integrations. Users receive a refresh token that your systems can use when triggering API actions. This method works well for technical users like cron jobs, monitoring systems, and data synchronization services.

Common authentication scenarios

  • You have an existing user management system: Use API key authentication. Create a user for each person in your system and control which token is used for API calls to maintain clear audit trails.

  • You build custom UIs for employees: Use email authentication to leverage Firebase for user login management in your custom interface.

  • Your employees use our dashboards and UIs: Use email authentication so your team can log into our white-label interfaces.

  • You integrate technical services: This covers services like monitoring systems, data synchronization, schedulers, and other automated processes that use our API. Use API key authentication with separate tokens for different service types to maintain clear audit separation, especially for processes that make changes.

Whichever authentication method you choose, you use a refresh token to retrieve temporary access tokens (called access tokens or ID tokens in Firebase terminology), which are required to authenticate to our API.

Our system logs all actions and changes according to the user credentials used. To get the most value from audit trails, create separate users for different people and systems - this lets you clearly identify who or what performed each action. See the Audit trails section for more details.

Firebase integration examples

For complete implementation details, refer to the Firebase API documentation. Here are the key steps:

Obtaining refresh token

Create a user with auth_type set to api_key. We'll provide the refresh token directly in the response.

Obtaining access (id) token

Once you have a refresh token (which doesn't expire), use it to request temporary access tokens through Firebase's API.

These access tokens are what you'll use for actual API calls to our platform.

Authenticating requests

Include your valid access token as a Bearer token in the Authorization header for each API request: Authorization: Bearer <your_id_token>

Invalid or expired tokens return a 401 Unauthorized status. If the authenticated user lacks the required permissions (an authorization failure), the API returns 403 Forbidden.
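
The three steps above as one client, added here as an illustration (it is not code from our platform or from Firebase's SDK): it exchanges the refresh token for an ID token through Firebase's secure token REST endpoint, caches the ID token until shortly before it expires, retries once on 401 and stops on 403. The ApiSession class, the transport and clock parameters, and any platform URL you pass to get() are assumptions made for the example.

```python
import json, time
import urllib.error, urllib.parse, urllib.request

# Firebase Auth REST endpoint that exchanges a refresh token for an ID token.
FIREBASE_TOKEN_URL = "https://securetoken.googleapis.com/v1/token"

def http_send(method, url, headers, body=None):
    """Default transport: returns (HTTP status, parsed JSON body)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

class ApiSession:
    """Hypothetical helper: one instance per API user, so audit trails stay separate."""
    def __init__(self, api_key, refresh_token, transport=http_send, clock=time.time):
        self.api_key, self.refresh_token = api_key, refresh_token
        self.transport, self.clock = transport, clock
        self.id_token, self.expires_at = None, 0.0

    def _refresh(self):
        form = {"grant_type": "refresh_token", "refresh_token": self.refresh_token}
        url = FIREBASE_TOKEN_URL + "?key=" + urllib.parse.quote(self.api_key)
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode(form).encode()
        status, data = self.transport("POST", url, headers, body)
        if status != 200:
            raise PermissionError(f"token refresh failed: HTTP {status}")
        self.id_token = data["id_token"]
        # Renew 60 s early so no request leaves with a token about to expire.
        self.expires_at = self.clock() + int(data["expires_in"]) - 60

    def get(self, url):
        if self.id_token is None or self.clock() >= self.expires_at:
            self._refresh()
        for attempt in (1, 2):
            headers = {"Authorization": "Bearer " + self.id_token}
            status, data = self.transport("GET", url, headers)
            if status == 401 and attempt == 1:
                self._refresh()  # token rejected: fetch a fresh one, retry once
                continue
            if status == 403:
                # Authorization failure: a new token will not help, do not retry.
                raise PermissionError("403 Forbidden: user lacks permission for " + url)
            return status, data
```

Because the refresh token does not expire, load it from a secret store or the environment rather than placing it in source code.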
