Authorisation
/authorize/signin
POST https://sandbox.walletengine.io/api/authorize/signin
Use this API to authenticate your user login, to ensure that client requests access data securely. Successful authentication will return the user’s profile, accounts, and token code. You can store the token at the user devices or on the server storage when your application supports multiple platforms. The access token is passed by the API as the bearer token in the Authorization header.
Wallet Engine provides two ways to authorize the users:
- password: Password is not mandatory, but if required then it is set during the activation process. Make sure you have hashed the password before calling the API.
- passcode: The passcode is generated by the API /authorize/opt/generate and sent over SMS.
Revocation, the tokens can be invalidated or revoked at any time, for different reasons. These fall into two main categories:
Timeout: max_inactive_time: If the token hasn't been used within the time dictated by the max_inactive_time, the token will no longer be valid.
Revocation: Password expires, Password changed by the user, Admin resets the password, Admin revokes all tokens, The user signs-out.
Headers
Content-Type
string
application/json
Request Body
app_id
string
This is the unique App ID assigned to you by Wallet Engine.
country_dial_code
number
phone_number
number
password
string
The user's password
passcode
string
One-time passcode using voice or SMS message.
max_inactive_time
number
Default: 60*24*7 = 10080 minutes.
Password or passcode is required.
Example Request
Sign-in with
password:
Sign-in with
passcode:
Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.
Error
Description
invalid_arguments
The method was called with invalid arguments.
invalid_arg_name
The method was passed an argument whose name falls outside the bounds of accepted or expected values.
invalid_auth
Some aspects of authentication cannot be validated.
(bad phone_number / password or passcode)
/authorize/revoke
POST https://sandbox.walletengine.io/api/authorize/revoke
Use this API to revokes the access token. The token is also automatically revoked when:
- token timeouts by max_inactive_time.
- password has been changed by the user.
Headers
Authorization
string
Bearer {{token}}
Content-Type
string
application/json
Request Body
app_id
string
This is the unique App ID assigned to you by Wallet Engine.
Example Request
Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.
Error
Description
invalid_arguments
The method was called with invalid arguments.
/authorize/verify
POST https://sandbox.walletengine.io/api/authorize/verify
Use this API to validate a phone number that can be used in the system.
Headers
Content-Type
string
application/json
Request Body
app_id
string
This is the unique App ID assigned to you by Wallet Engine.
country_dial_code
number
The phone's country code.
phone_number
number
Example Request
Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.
Error
Description
invalid_arguments
The method was called with invalid arguments.
invalid_arg_name
The method was passed an argument whose name falls outside the bounds of accepted or expected values.
invalid_phone_number
The phone number is blacklisted or incorrect for sending messages.
phone_number_is_registered
The phone number already exists with this App ID.
phone_number_has_desisted
The phone number verification has to be reinitiated.
/authorize/otp/generate
POST https://sandbox.walletengine.io/api/authorize/otp/generate
Use this API to request a One-Time Password. A 6-digit verification code is sent to the user’s phone number by VOICE or SMS. OTP can be used for: - Authentication of the user's wallet (sign-in). - Change phone number, validate the new phone number. - Reset the password or update a new password.
Headers
Content-Type
string
application/json
Request Body
app_id
string
This is the unique App ID assigned to you by Wallet Engine.
country_dial_code
number
phone_number
number
offer
string
- sms (default)
- call
locale
string
- en (default)
Refer to: https://www.twilio.com/docs/authy/api/one-time-passwords#supported-languages
Example Request
Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.
Error
Description
invalid_arguments
The method was called with invalid arguments.
invalid_arg_name
The method was passed an argument whose name falls outside the bounds of accepted or expected values.
invalid_phone_number
The phone number is blacklisted or incorrect for sending messages.
phone_number_has_desisted
The phone number verification has to be reinitiated.
invalid_passcode
Invalid passcode. This error message has occurred during verification.
/authorize/reset/password
POST https://sandbox.walletengine.io/api/authorize/reset/password
Use this API to reset the user’s password without the need for a current password. As part of the process, the user will need to authenticate themselves by providing a One Time Password sent to their phone. The OTP is generated by the API authorize/otp/generate.
Headers
Content-Type
string
application/json
Request Body
app_id
string
This is the unique App ID assigned to you by Wallet Engine.
country_dial_code
number
phone_number
number
password
string
The user's new password.
passcode
number
One-time passcode using voice or SMS message.
Example Request
Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.
Error
Description
invalid_arguments
The method was called with invalid arguments.
invalid_arg_name
The method was passed an argument whose name falls outside the bounds of accepted or expected values.
invalid_passcode
The passcode is expired or invalid.
Last updated
Was this helpful?