05. Authentication
This page contains all documentation under this Postman category.
Additional usage notes
Authentication is based on JWT (RFC 7519).
Access Token is short-lived and used for API authorization.
Refresh Token is long-lived and used to request new access tokens.
All protected APIs require X-Authorization: Bearer <AccessToken>.
Access Token API itself does not require X-Authorization.
Resellers can use targetAccountId to access a child account without knowing the child's credentials.
Child account access is logged and visible in the child account activity logs.
In Postman, the returned Access Token is typically saved into the Auth_Key environment variable and sent in later calls.
Access Token
Path: Authentication / Access Token
Method: POST
URL: https://sft.bics.com/api/login
Description
The authentication mechanism used here is based on JSON Web Token. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. The Login API is called to get an Access Token using the credentials shared with the client. The platform verifies the credentials against those stored in the platform DB and, on success, generates two tokens:
JWT Access Token - The JWT Access token can be used for authentication and authorization.
JWT Refresh Token - The Refresh token is a long-lived token used to request new Access tokens. Its expiration time is greater than the expiration time of the Access token.
Support Access Feature
This feature is available only to Resellers and allows them to access a child account (at any level) without needing to know the child's API credentials. Any access to the child account is logged and is visible under the activity logs of the child.
Account Access
Account Type | Access | Comments |
|---|---|---|
Reseller | Yes | |
Enterprise | Yes | |
Input
Input Parameters
Field | Optional/ Mandatory | Description |
|---|---|---|
targetAccountId | O | Account ID corresponds to an organization which is a child (at any level below) of the user's organization <br>Available only at Reseller level. |
username | M | User Name corresponds to an organization |
password | M | Password corresponds to the user name of the organization |
Output
The output varies depending on the results
Output - Successful Login
Output Parameters
Field | Optional/ Mandatory | Description |
|---|---|---|
AccessToken | M | Access Token for the requested account |
RefreshToken | M | Refresh Token for the requested account |
Output - Failed Login due to incorrect credentials
Field | Optional/ Mandatory | Description |
|---|---|---|
BadCredential Exception: Username or Password not valid. | M | Occurs when the provided password is incorrect for the account. |
Output - Failed Login due to other causes
Output Parameters
Field | Optional/ Mandatory | Description |
|---|---|---|
Response | M | Object of response details |
Output Response Parameters
Field | Optional/ Mandatory | Description |
|---|---|---|
resultCode | M | Result code <br>1 – Failure |
responseId | M | Response Transaction ID |
responseTimestamp | M | Response initiated time <br>Format: dd/mm/yyyy hh:mm:ss |
resultParam | M | Object of transaction result |
Output resultParam Parameters
Field | Optional/ Mandatory | Description |
|---|---|---|
resultCode | M | Status/Error Code |
resultDescription | M | Status/Error Description |
Result Codes
Result Codes | Description |
|---|---|
10126 | API operation has Time out. Request has been received and is has timeout before we receive the response. Please verify the request has been completed successfully or not. using the appropriate APIs. |
10117 | Incorrect value in targetAccountId |
11044 | Your account has been blocked due to multiple failed login attempts. To regain access, please reset your password using the 'Forgot Password' option on the login page. |
Request Body
{
  "username": "username",
  "password": "password"
}
Response Examples
Access Token - Failure — 200 — OK
BadCredential Exception: Username or Password not valid.
Access Token - Success — 200 — OK
{
  "AccessToken": "<<Access Token>>",
  "RefreshToken": "<<Refresh Token>>"
}
Access Token - Support User (Success)
{
  "AccessToken": "<<Access Token>>",
  "RefreshToken": "<<Refresh Token>>"
}
Access Token - Support User (Failure)
{
  "Response": {
    "responseId": "10369852054019600",
    "responseTimestamp": "01/04/2025 10:44:24",
    "resultCode": "1",
    "resultParam": {
      "resultCode": "10117",
      "resultDescription": "Incorrect value in targetAccountId"
    }
  }
}
Access Token - Time out (Failure)
{
  "Response": {
    "responseId": "4923557497473643",
    "responseTimestamp": "25/07/2022 20:19:57",
    "resultCode": "1",
    "resultParam": {
      "resultCode": "10126",
      "resultDescription": "API operation has Time out. Request has been received and is has timeout before we receive the response. Please verify the request has been completed successfully or not. using the appropriate APIs."
    }
  }
}
Refresh Token
Path: Authentication / Refresh Token
Method: GET
URL: https://sft.bics.com/api/RefreshToken
Description
This API is used to generate a new access token when the access token has expired. In the request header, make sure you use the Refresh token received from the “Access token” API. This API returns a new access token and a new Refresh token for further use.
Account Access
Account Type | Access | Comments |
|---|---|---|
Reseller | Yes | |
Enterprise | Yes | |
Output Parameters
Field | Optional/Mandatory | Description |
|---|---|---|
AccessToken | M | Access Token for the requested account |
RefreshToken | M | Refresh Token for the requested account |
Response Examples
Refresh Token - Success — 200 — OK
{
  "NewAccessToken": "NewAccessToken",
  "NewRefreshToken": "NewRefreshToken"
}
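Client-side handling of the Access Token and Refresh Token responses documented above, as an added example (not code from this documentation or from BICS). The page shows the plain-text BadCredential failure returned with 200 OK, and the Refresh Token example uses `NewAccessToken`/`NewRefreshToken` where the parameter table lists `AccessToken`/`RefreshToken`, so the body has to be classified rather than the status code trusted. The names `parse_token_response`, `TokenPair` and `AuthError`, and the choice to mark only result code 10126 as retryable, are assumptions of this example.

```python
import json
from dataclasses import dataclass

ACCESS_KEYS = ("AccessToken", "NewAccessToken")     # login name, refresh-example name
REFRESH_KEYS = ("RefreshToken", "NewRefreshToken")  # same pairing as above
TRANSIENT_CODES = {"10126"}  # assumption: only the time-out code is retried

class AuthError(Exception):
    def __init__(self, code, description, retryable=False):
        super().__init__(f"{code}: {description}")
        self.code, self.description, self.retryable = code, description, retryable

@dataclass(frozen=True)
class TokenPair:
    access_token: str
    refresh_token: str

    def auth_headers(self):  # header the page requires on all protected APIs
        return {"X-Authorization": f"Bearer {self.access_token}"}

def _pick(doc, keys):
    return next((doc[k] for k in keys if isinstance(doc.get(k), str) and doc[k]), None)

def parse_token_response(body):  # HTTP 200 alone does not mean success
    text = body.strip()
    if text.startswith("BadCredential Exception"):  # plain-text failure, still 200 OK
        raise AuthError("BadCredential", text)
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        doc = None
    if not isinstance(doc, dict):
        raise AuthError("Malformed", "body is not a JSON object or a known error")
    if isinstance(doc.get("Response"), dict):  # structured failure envelope
        param = doc["Response"].get("resultParam")
        param = param if isinstance(param, dict) else {}
        code = str(param.get("resultCode", "unknown"))
        raise AuthError(code, str(param.get("resultDescription", "")), code in TRANSIENT_CODES)
    access, refresh = _pick(doc, ACCESS_KEYS), _pick(doc, REFRESH_KEYS)
    if not (access and refresh):
        raise AuthError("Malformed", "token fields missing or empty")
    return TokenPair(access, refresh)

if __name__ == "__main__":  # constructed bodies modelled on the page's examples
    for body in ('{"AccessToken": "a.b.c", "RefreshToken": "d.e.f"}', "BadCredential Exception: x"):
        try:
            print(parse_token_response(body).auth_headers())
        except AuthError as err:
            print("failed:", err.code, "retryable:", err.retryable)
```

Treating BadCredential and 11044 as non-retryable keeps an automated client from repeating failed logins into the account block that result code 11044 describes.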