Auth API
https://auth.s7risk.com
The Auth API provides authentication and authorization support to our suite of APIs.
The default method of authentication against all Intelligence Fusion APIs is
done through a stateless JWT token provided as an
Authorization: Bearer header. The documentation below provides
support for creating user tokens for user initiated communication and
application tokens for machine to machine communication.
POST /user/token
Create a user authentication token
This endpoint creates an authentication token for use as the Authorization bearer token in the header when making further API requests.
All tokens have a 24-hour lifespan. You must re-generate your authentication token every 24-hours.
HTTP Request
curl -X POST 'https://auth.s7risk.com/user/token' \
-H 'Content-Type: application/json' \
-H 'Origin: {{YOUR_API_DOMAIN}}' \
--data '{
"email":"{{YOUR_EMAIL}}",
"password":"{{YOUR_PASSWORD}}"
}' \
--compressed
Headers
| Name | Type | Required | Description |
|---|---|---|---|
Origin |
string | ✔️ | Your API domain |
Body
| Name | Type | Required | Description |
|---|---|---|---|
email |
string | ✔️ | The email address for the user |
password |
string | ✔️ | The password for the user |
HTTP Response
{
"status": "success",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…"
}
}
Success
| Code | Status | Description |
|---|---|---|
| 200 | Success | Returns a body containing your valid accessToken |
Errors
| Code | Status | Description |
|---|---|---|
| 401 | Unauthorized | Email and password do not match |
| 401 | Unauthorized | User access window has expired |
| 422 | Unprocessable Entity | Missing password request body parameter |
| 429 | Too Many Requests | Too many authentication attempts. Try again in 5 minutes |
POST /application/token
Create an application authentication token
This endpoint creates an authentication token for use as the Authorization bearer token in the header when making further API requests.
All tokens have a 24-hour lifespan. You must re-generate your authentication token every 24-hours.
HTTP Request
curl -X POST 'https://auth.s7risk.com/application/token' \
-H 'Content-Type: application/json' \
-H 'Origin: {{YOUR_API_DOMAIN}}' \
--data '{
"clientId":"{{CLIENT_ID}}",
"secret":"{{CLIENT_SECRET}}"
}' \
--compressed
Headers
| Name | Type | Required | Description |
|---|---|---|---|
Origin |
string | ✔️ | Your API domain |
Body
| Name | Type | Required | Description |
|---|---|---|---|
clientId |
string | ✔️ | The ID for the application |
secret |
string | ✔️ | The secret key for the application |
HTTP Response
{
"status": "success",
"data": {
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…"
}
}
Success
| Code | Status | Description |
|---|---|---|
| 200 | Success | Returns a body containing your valid accessToken |
Errors
| Code | Status | Description |
|---|---|---|
| 401 | Unauthorized | Client ID and secret do not match |
| 422 | Unprocessable Entity | Missing client ID body parameter |