Authentication
Overview
The API uses JWT (JSON Web Token) for authentication.
Clients must exchange their credentials for an access token and include it in the Authorization header of all subsequent requests.
No Refresh Token
There is no refresh token endpoint in this API. When a token expires or becomes invalid, you must obtain a new one by logging in again.
Obtain Access Token
Endpoint: POST /auth/jwt/login
Content-Type: application/x-www-form-urlencoded
To obtain a token, send a POST request with the following parameters:
| Field | Type | Required | Description |
|---|---|---|---|
| username | String | Yes | Your assigned login (provided out-of-band). |
| password | String | Yes | Your assigned password (provided out-of-band). |
Example Request
curl -X POST https://<kyc_domain>/auth/jwt/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=user@example.com&password=your_secret_password"
Successful Response (200 OK)
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI...",
"token_type": "bearer"
}
- access_token: The JWT to use for authenticated calls.
- token_type: Always "bearer".
Error Responses
- 400 Bad Request:
  - LOGIN_BAD_CREDENTIALS: Wrong login/password or user is inactive.
  - LOGIN_USER_NOT_VERIFIED: User exists but is not verified.
- 422 Unprocessable Entity: Validation errors (e.g., missing required fields).
Making Authenticated Requests
Once you have the access_token, include it in the Authorization header using the Bearer scheme for all API calls.
Header Format:
Authorization: Bearer <your_access_token>
Implementation Examples
cURL:
# Example: Fetching a protected resource
curl -X GET https://<kyc_domain>/api/v1/resource \
  -H "Authorization: Bearer <your_access_token>"
Python:
import os
import requests

# 1. Login (credentials come from the environment, never from source code)
login_url = "https://<kyc_domain>/auth/jwt/login"
payload = {
    "username": os.environ["API_LOGIN"],
    "password": os.environ["API_PASSWORD"],
    "grant_type": "password",
}
# requests has no default timeout; set one so a stalled server cannot hang the client
response = requests.post(login_url, data=payload, timeout=10)
response.raise_for_status()
token = response.json()["access_token"]

# 2. Authenticated Request
api_url = "https://<kyc_domain>/api/v1/resource"
headers = {"Authorization": f"Bearer {token}"}
api_response = requests.get(api_url, headers=headers, timeout=10)
api_response.raise_for_status()
JavaScript:
// Credentials come from the environment, never from source code
const params = new URLSearchParams();
params.set("username", process.env.API_LOGIN);
params.set("password", process.env.API_PASSWORD);
params.set("grant_type", "password");

// 1. Login
const loginRes = await fetch("https://<kyc_domain>/auth/jwt/login", {
  method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  body: params.toString()
});
if (!loginRes.ok) throw new Error("Login failed");
const { access_token } = await loginRes.json();

// 2. Authenticated Request
const apiRes = await fetch("https://<kyc_domain>/api/v1/resource", {
  headers: { Authorization: `Bearer ${access_token}` }
});
// fetch does not reject on HTTP error statuses, so check explicitly
if (!apiRes.ok) throw new Error(`Request failed: ${apiRes.status}`);
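Because there is no refresh token endpoint, a long-running client has to decide for itself when to log in again. The following is an added example, not code from this API's documentation: it caches the token, logs in again shortly before the JWT expires, and retries once if the token is rejected. Assumptions: the token carries a standard `exp` claim, rejected tokens are answered with 401, and `login` / `send` are hypothetical callables wrapping the HTTP calls shown above.

```python
import base64
import json
import time


def jwt_expiry(token):
    """Return the token's `exp` claim (epoch seconds), or None if absent or unparseable.

    The payload is decoded WITHOUT signature verification: the value only schedules
    the next login and is never used for an authorization decision.
    """
    try:
        segment = token.split(".")[1]
        padded = segment + "=" * (-len(segment) % 4)  # JWT strips base64url padding
        exp = json.loads(base64.urlsafe_b64decode(padded)).get("exp")
        return float(exp) if isinstance(exp, (int, float)) else None
    except (IndexError, ValueError, AttributeError):
        return None


class BearerSession:
    """Caches one access token; logs in again when it is near expiry or rejected."""

    def __init__(self, login, send, skew=30, clock=time.time):
        self._login = login  # hypothetical callable: () -> access_token (POST /auth/jwt/login)
        self._send = send    # hypothetical callable: (headers) -> (status, body)
        self._skew, self._clock = skew, clock
        self._token = self._exp = None

    def _bearer(self, force=False):
        near_expiry = self._exp is not None and self._clock() >= self._exp - self._skew
        if force or self._token is None or near_expiry:
            self._token = self._login()
            self._exp = jwt_expiry(self._token)
        return {"Authorization": f"Bearer {self._token}"}

    def request(self):
        status, body = self._send(self._bearer())
        if status == 401:  # assumption: expired/invalid tokens are rejected with 401
            # Retry exactly once so bad credentials cannot cause a login loop.
            status, body = self._send(self._bearer(force=True))
        return status, body


if __name__ == "__main__":
    # Constructed demo: fake token without `exp`, fake server that always answers 200.
    session = BearerSession(lambda: "h.e30.s", lambda headers: (200, headers))
    print(session.request())
```

If the token has no `exp` claim, the proactive check is skipped and only the retry-on-rejection path applies.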