API authentication setup

Overview

API Authentication

LinkCy has two types of authentication:

  • Partner authentication - Used by LinkCy to authenticate a partner. It can be used from a back end or a front end.

  • Enduser authentication - Used to authenticate endusers, which can be consumers or corporates.

Both types of authentication can be used, depending on the implementation. A partner can use partner authentication and manage its endusers' assets and operations through the API.

Endusers can also log in directly to manage their own operations. This second case is mostly used when the partner doesn't have a backend or a significant information system.

Authentication is performed using a JWT (JSON Web Token) that has to be provided when sending an API request.

To get a JWT, the user needs to log into the application, using the dedicated Log In endpoint with user credentials.

A user can be logged in as a partner, a consumer or a corporate. The JWT embeds the roles granted to the user and thus will only give access to specific endpoints.

Some endpoints are also reachable as "Anonymous" and don't need any authentication:

  • Authentication endpoints
  • Consumer creation endpoint
  • Corporate creation endpoint
  • Terms & conditions endpoint

Strong customer authentication (SCA)

There is a third authentication method: Strong customer authentication (SCA).

It consists of two-factor authentication and is used to certify the origin and the content of some specific API requests related to sensitive operations or data (account login, transactions, card details, etc.).

This is mandated by the PSD2 regulation.

See Strong customer authentication for setup and usage instructions.

Partner authentication setup

Partners will be given credentials directly by LinkCy.

Partner credentials consist of:

"partnerName": "string",
"username": "string",
"password": "string"

partnerName identifies the Partner and has to be provided when requested by partner or endusers.

These credentials (especially the password) have to be stored in a safe place (a vault or password manager software), as they give access to all of the partner's endpoints.

See Partner authentication for log in instructions.
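The sketch below is an added example, not LinkCy code: it builds the partner log-in body from environment variables (filled from a vault at deploy time) instead of hard-coding it, redacts the password before logging, and reads the JWT payload on the client to see the embedded roles and decide when to log in again. The environment variable names, the "roles" claim name, the "PARTNER" value and the sample token are assumptions; "exp" is the standard JWT expiry claim.

```python
import base64
import json
import os
import time

# Hypothetical variable names; the keys match the partner credential fields above.
ENV_FIELDS = {"partnerName": "LINKCY_PARTNER_NAME",
              "username": "LINKCY_USERNAME",
              "password": "LINKCY_PASSWORD"}

def load_partner_credentials(env=os.environ):
    """Build the log-in body from the environment; fail loudly if a field is unset."""
    missing = [var for var in ENV_FIELDS.values() if not env.get(var)]
    if missing:
        raise RuntimeError("missing credential variables: " + ", ".join(missing))
    return {key: env[var] for key, var in ENV_FIELDS.items()}

def redact(body):
    """Copy of a request body that is safe to write to logs."""
    return {k: ("***" if k == "password" else v) for k, v in body.items()}

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature.
    Client-side inspection only; the API remains the authority on access."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def needs_login(token, now=None, skew=30):
    """True when there is no token or it expires within `skew` seconds."""
    if not token:
        return True
    exp = jwt_claims(token).get("exp")
    current = time.time() if now is not None and False else (now if now is not None else time.time())
    return exp is None or exp - skew <= current

def make_sample_token(claims):
    """Constructed token with a placeholder signature, for this demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

SAMPLE_TOKEN = make_sample_token({"roles": ["PARTNER"], "exp": 1700000000})

if __name__ == "__main__":
    demo_env = {"LINKCY_PARTNER_NAME": "acme", "LINKCY_USERNAME": "api", "LINKCY_PASSWORD": "s3cret"}
    print(redact(load_partner_credentials(demo_env)))
    print(jwt_claims(SAMPLE_TOKEN)["roles"], needs_login(SAMPLE_TOKEN))
```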

Enduser authentication setup

"partnerName": "string",
"consumerPhone": "33123456789",
"password": "string"

Before credentials can be set up, an Enduser has to be created.

Once the enduser has been created, authentication setup can be done in a few steps:

  • User calls the "initialize or reset a password" endpoint including his phone number.

  • This will trigger an SMS containing a one-time password (OTP).

  • This OTP has then to be used in the "change user password" endpoint ("with secret" schema) to define the chosen user password.

    The "phoneVerified" attribute will change to true.

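Sequence between User and LinkCy API:

Set Up

  • User to LinkCy API: "Initialize or reset Password" with phone number
  • LinkCy API to User: OTP Secret (by SMS)
  • User to LinkCy API: "Change user Password" with Secret and New Password

Log In

  • User to LinkCy API: "Log Into the application" with credentials
  • LinkCy API to User: JWT and refreshToken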

See Enduser authentication for log in instructions.

Password Change / Recovery

Every user can modify their password using the "change user password" endpoint.

They will have to provide their current password and a new one.

For partners, if the password is lost, forgotten or compromised, please contact your representative at LinkCy.

For consumers and corporates, the "initialize or reset password" endpoint has to be used, as for a new authentication setup. This will generate an OTP sent by SMS, which has to be used to set up a new password.