Authentication
Last updated
Last updated
There are three authentication methods available to the IdentityX API:
- Used by end-users of the IdentityX application to view and modify individual app user information.
- Used by administrative users to manage application users, comments, and application/organization settings.
- Used with a permanent API token to perform tasks without user interaction.
Most use cases will use OrgUser authentication.
A customer authentication token can be retrieved by:
Executing the sendAppUserLoginLink mutation with a valid email address and x-app-id header. This will send an email with a "magic link" (containing a temporary JWT in the token parameter).
Executing the loginAppUser mutation and supplying the token from the email. This is then exchanged for a long-lived authentication token.
When sending a request to either mutation, the x-app-id header must be sent, identifying the application the user belongs to.
When sending a request with AppUser authentication, send the token using Bearer authentication with the prefix AppUser:
An administrative authentication token can be retrieved by:
Executing the sendUserLoginLink mutation with a valid email address. This will send an email with a "magic link" (containing a temporary JWT in the token parameter).
Executing the userLogin mutation and supplying the token from the email. This is then exchanged for a long-lived authentication token.
When sending a request with OrgUser authentication, send the token using Bearer authentication with the prefix OrgUser:
A permanent API token can be obtained for use within scripts or API integrations. To create a token, you must first authenticate with OrgUser credentials.
Once you have obtained your OrgUser token, you can use the createActiveUserApiToken to generate a permanent API credential:
When sending a request with your permanent API token, send the token using Bearer authentication with the prefix OrgUserApiToken: