Auth API

The Auth API provides authentication and authorization support to our suite of APIs.

The default method of authentication against all Intelligence Fusion APIs is done through a stateless JWT token provided as an Authorization: Bearer header. The documentation below provides support for creating user tokens for user initiated communication and application tokens for machine to machine communication.

Servers

  • Production: https://auth.intelligencefusion.co.uk
  • Staging: https://auth.staging.intelligencefusion.co.uk

POST /user/token Create a user authentication token

This endpoint creates an authentication token for use as the Authorization bearer token in the header when making further API requests.

All tokens have a 24-hour lifespan. You must re-generate your authentication token every 24-hours.

HTTP Request

curl -X POST 'https://auth.intelligencefusion.co.uk/user/token' \
  -H 'Content-Type: application/json' \
  -H 'Origin: {{YOUR_API_DOMAIN}}' \
  --data '{
    "email":"{{YOUR_EMAIL}}",
    "password":"{{YOUR_PASSWORD}}"
  }' \
  --compressed

Headers

Name Type Required Description
Origin string ✔️ Your API domain

Body

Name Type Required Description
email string ✔️ The email address for the user
password string ✔️ The password for the user

HTTP Response

{
    "status": "success",
    "data": {
        "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…"
    }
}

Success

Code Status Description
200 Success Returns a body containing your valid accessToken

Errors

Code Status Description
401 Unauthorized Email and password do not match
401 Unauthorized User access window has expired
422 Unprocessable Entity Missing password request body parameter
429 Too Many Requests Too many authentication attempts. Try again in 5 minutes

POST /application/token Create an application authentication token

This endpoint creates an authentication token for use as the Authorization bearer token in the header when making further API requests.

All tokens have a 24-hour lifespan. You must re-generate your authentication token every 24-hours.

HTTP Request

curl -X POST 'https://auth.intelligencefusion.co.uk/application/token' \
  -H 'Content-Type: application/json' \
  -H 'Origin: {{YOUR_API_DOMAIN}}' \
  --data '{
    "clientId":"{{CLIENT_ID}}",
    "secret":"{{CLIENT_SECRET}}"
  }' \
  --compressed

Headers

Name Type Required Description
Origin string ✔️ Your API domain

Body

Name Type Required Description
clientId string ✔️ The ID for the application
secret string ✔️ The secret key for the application

HTTP Response

{
    "status": "success",
    "data": {
        "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…"
    }
}

Success

Code Status Description
200 Success Returns a body containing your valid accessToken

Errors

Code Status Description
401 Unauthorized Client ID and secret do not match
422 Unprocessable Entity Missing client ID body parameter