Guide

Guide

How to use this API Collection

This documentation describes how to use the SFT APIs using the official Postman collection.

Prerequisites

• Install Postman from https://www.postman.com/downloads/

• Access credentials for the SFT platform

Importing the Collection

1. Open the documentation and select Run in Postman.

2. Choose Postman for Windows (or your OS).

3. The Postman application will launch and import the collection automatically.

Environment Variables

Ensure the correct environment is selected in Postman:

• URL: Base URL used for all APIs (e.g. https://sft.bics.com)

• Auth_Key: Automatically populated after calling the Access Token API

Authentication Flow

1. Call POST Access Token using your username and password.

2. The response returns:

   • JWT Access Token (short-lived)

   • JWT Refresh Token (long-lived)

3. The Access Token is automatically stored and sent in subsequent API calls.

Token Refresh

When the Access Token expires:

• Use GET Refresh Token with the Refresh Token in the X-Authorization header

• A new Access Token and Refresh Token are returned

Security

• Only TLS 1.2 is supported

• REST APIs use JSON payloads

• Authentication is based on JWT (RFC 7519)

Common Headers

For all APIs except Access Token:

Content-Type: application/json
X-Authorization: Bearer <AccessToken>

Notes

• CORS is currently not supported

• Rate limits and timeouts are documented in dedicated sections