Authentication
There are three authentication methods available to the IdentityX API:
AppUser authentication - Used by end-users of the IdentityX application to view and modify individual app user information.
OrgUser authentication - Used by administrative users to manage application users, comments, and application/organization settings.
OrgUser API Token authentication - Used with a permanent API token to perform tasks without user interaction.
Most use cases will use OrgUser
authentication.
AppUser
A customer authentication token can be retrieved by:
Executing the
sendAppUserLoginLink
mutation with a valid email address andx-app-id
header. This will send an email with a "magic link" (containing a temporary JWT in thetoken
parameter).Executing the
loginAppUser
mutation and supplying thetoken
from the email. This is then exchanged for a long-lived authentication token.
When sending a request to either mutation, the x-app-id
header must be sent, identifying the application the user belongs to.
When sending a request with AppUser authentication, send the token using Bearer authentication with the prefix AppUser
:
OrgUser
An administrative authentication token can be retrieved by:
Executing the
sendUserLoginLink
mutation with a valid email address. This will send an email with a "magic link" (containing a temporary JWT in thetoken
parameter).
Executing the
userLogin
mutation and supplying thetoken
from the email. This is then exchanged for a long-lived authentication token.
When sending a request with OrgUser
authentication, send the token using Bearer
authentication with the prefix OrgUser
:
OrgUserAPIToken
A permanent API token can be obtained for use within scripts or API integrations. To create a token, you must first authenticate with OrgUser credentials.
Once you have obtained your OrgUser
token, you can use the createActiveUserApiToken
to generate a permanent API credential:
When sending a request with your permanent API token, send the token using Bearer
authentication with the prefix OrgUserApiToken
:
Last updated