Authentication
There are three authentication methods available to the IdentityX API:
- AppUser: Used by end-users of the IdentityX application to view and modify individual app user information.
- OrgUser: Used by administrative users to manage application users, comments, and application/organization settings.
- OrgUserApiToken: Used with a permanent API token to perform tasks without user interaction.
Most use cases will use `OrgUser` authentication.
A customer authentication token can be retrieved by:
1. Executing the `sendAppUserLoginLink` mutation with a valid email address and `x-app-id` header. This will send an email with a "magic link" (containing a temporary JWT in the `token` parameter).
2. Executing the `loginAppUser` mutation and supplying the `token` from the email. This is then exchanged for a long-lived authentication token.
When sending a request to either mutation, the `x-app-id` header must be sent, identifying the application the user belongs to.
When sending a request with `AppUser` authentication, send the token using `Bearer` authentication with the prefix `AppUser`:
An administrative authentication token can be retrieved by:
1. Executing the `sendUserLoginLink` mutation with a valid email address. This will send an email with a "magic link" (containing a temporary JWT in the `token` parameter).
2. Executing the `userLogin` mutation and supplying the `token` from the email. This is then exchanged for a long-lived authentication token.
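Both login flows above deliver a temporary JWT in the magic link's `token` parameter. The following Python is an added example, not IdentityX code: it extracts that token, produces a copy of the link that is safe to log, and checks expiry before the token is handed to `loginAppUser` or `userLogin`. The link host and path, the presence of an `exp` claim, and all function names are assumptions.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def token_from_magic_link(link: str) -> str:
    """Return the single `token` query parameter carried by a magic link."""
    values = [v for k, v in parse_qsl(urlsplit(link).query) if k == "token"]
    if len(values) != 1:
        raise ValueError("magic link must carry exactly one token parameter")
    return values[0]


def redact_link(link: str) -> str:
    """Copy of the link that is safe to log: the token value is replaced."""
    parts = urlsplit(link)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def unverified_claims(jwt: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is not checked."""
    segments = jwt.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWT")
    payload = segments[1]
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def is_still_usable(jwt: str, now: Optional[float] = None, skew: int = 30) -> bool:
    """True if the exp claim (assumed present) is more than `skew` seconds away."""
    exp = unverified_claims(jwt).get("exp")
    if not isinstance(exp, (int, float)):
        return False  # no expiry claim: refuse rather than guess
    return (time.time() if now is None else now) < exp - skew


def _segment(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: not a real IdentityX token, host or path.
SAMPLE_JWT = ".".join([_segment({"alg": "HS256"}), _segment({"exp": 2000000000}), "c2ln"])
SAMPLE_LINK = "https://app.example.com/authenticate?token=" + SAMPLE_JWT
```

The claims are read without signature verification, so they are only a client-side hint; the API remains the authority on whether the token is accepted.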
When sending a request with `OrgUser` authentication, send the token using `Bearer` authentication with the prefix `OrgUser`:
A permanent API token can be obtained for use within scripts or API integrations. To create a token, you must first authenticate with `OrgUser` credentials.
Once you have obtained your `OrgUser` token, you can use `createActiveUserApiToken` to generate a permanent API credential:
When sending a request with your permanent API token, send the token using `Bearer` authentication with the prefix `OrgUserApiToken`: