Authorisation

/authorize/signin

POST https://sandbox.walletengine.io/api/authorize/signin

Use this API to authenticate your user login, to ensure that client requests access data securely. Successful authentication will return the user’s profile, accounts, and token code. You can store the token at the user devices or on the server storage when your application supports multiple platforms. The access token is passed by the API as the bearer token in the Authorization header. Wallet Engine provides two ways to authorize the users: - password: Password is not mandatory, but if required then it is set during the activation process. Make sure you have hashed the password before calling the API. - passcode: The passcode is generated by the API /authorize/opt/generate and sent over SMS.

Revocation, the tokens can be invalidated or revoked at any time, for different reasons. These fall into two main categories:

Timeout: max_inactive_time: If the token hasn't been used within the time dictated by the max_inactive_time, the token will no longer be valid.

Revocation: Password expires, Password changed by the user, Admin resets the password, Admin revokes all tokens, The user signs-out.

Headers

Name
Type
Description

Content-Type

string

application/json

Request Body

Name
Type
Description

app_id

string

This is the unique App ID assigned to you by Wallet Engine.

country_dial_code

number

phone_number

number

password

string

The user's password

passcode

string

One-time passcode using voice or SMS message.

max_inactive_time

number

Default: 60*24*7 = 10080 minutes.

{
  "profile": {
    "kyc_level": 0,
    "kyc_status": "OK",
    "client_id": "931917458",
    // ... profile/query response
  },
  "accounts": [
    {
      "account_id": "EWCV144",
      "account_state": "approved",
      "currency_code": "SGD",
      "available_balance": 0,
      // ...
    }
  ]
  "token": "string"
}

Example Request

  • Sign-in with password:

{
  "app_id": "5db2a50be7626",
  "country_dial_code": "84",
  "phone_number": "329953969",
  "password": "c4ca4238a0b923820dcc509a6f75849b",
  "max_inactive_time": 10800
}
  • Sign-in with passcode:

{
  "app_id": "5db2a50be7626",
  "country_dial_code": "84",
  "phone_number": "375902107",
  "passcode": "125595",
  "max_inactive_time": 10800
}

Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.

Error

Description

invalid_arguments

The method was called with invalid arguments.

invalid_arg_name

The method was passed an argument whose name falls outside the bounds of accepted or expected values.

invalid_auth

Some aspects of authentication cannot be validated.

(bad phone_number / password or passcode)

/authorize/revoke

POST https://sandbox.walletengine.io/api/authorize/revoke

Use this API to revokes the access token. The token is also automatically revoked when: - token timeouts by max_inactive_time. - password has been changed by the user.

Headers

Name
Type
Description

Authorization

string

Bearer {{token}}

Content-Type

string

application/json

Request Body

Name
Type
Description

app_id

string

This is the unique App ID assigned to you by Wallet Engine.

{
  "valid": true
}

Example Request

{
  "app_id": "5db2a50be7626"
}

Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.

Error

Description

invalid_arguments

The method was called with invalid arguments.

/authorize/verify

POST https://sandbox.walletengine.io/api/authorize/verify

Use this API to validate a phone number that can be used in the system.

Headers

Name
Type
Description

Content-Type

string

application/json

Request Body

Name
Type
Description

app_id

string

This is the unique App ID assigned to you by Wallet Engine.

country_dial_code

number

The phone's country code.

phone_number

number

{
  "valid": true
}

Example Request

{
  "app_id": "5db2a50be7626",
  "country_dial_code": "84",
  "phone_number": "375902107"
}

Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.

Error

Description

invalid_arguments

The method was called with invalid arguments.

invalid_arg_name

The method was passed an argument whose name falls outside the bounds of accepted or expected values.

invalid_phone_number

The phone number is blacklisted or incorrect for sending messages.

phone_number_is_registered

The phone number already exists with this App ID.

phone_number_has_desisted

The phone number verification has to be reinitiated.

/authorize/otp/generate

POST https://sandbox.walletengine.io/api/authorize/otp/generate

Use this API to request a One-Time Password. A 6-digit verification code is sent to the user’s phone number by VOICE or SMS. OTP can be used for: - Authentication of the user's wallet (sign-in). - Change phone number, validate the new phone number. - Reset the password or update a new password.

Headers

Name
Type
Description

Content-Type

string

application/json

Request Body

Name
Type
Description

app_id

string

This is the unique App ID assigned to you by Wallet Engine.

country_dial_code

number

phone_number

number

offer

string

- sms (default) - call

locale

string

- en (default) Refer to: https://www.twilio.com/docs/authy/api/one-time-passwords#supported-languages

{
  "valid": true,
  "expire_at" : 1449745099
}

Response expires_at= Epoch

Example Request

{
    "app_id": "5db2a50be7626",
    "country_dial_code": "65",
    "phone_number": "909099999",
    "offer": "sms"
}

Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.

Error

Description

invalid_arguments

The method was called with invalid arguments.

invalid_arg_name

The method was passed an argument whose name falls outside the bounds of accepted or expected values.

invalid_phone_number

The phone number is blacklisted or incorrect for sending messages.

phone_number_has_desisted

The phone number verification has to be reinitiated.

invalid_passcode

Invalid passcode. This error message has occurred during verification.

/authorize/reset/password

POST https://sandbox.walletengine.io/api/authorize/reset/password

Use this API to reset the user’s password without the need for a current password. As part of the process, the user will need to authenticate themselves by providing a One Time Password sent to their phone. The OTP is generated by the API authorize/otp/generate.

Headers

Name
Type
Description

Content-Type

string

application/json

Request Body

Name
Type
Description

app_id

string

This is the unique App ID assigned to you by Wallet Engine.

country_dial_code

number

phone_number

number

password

string

The user's new password.

passcode

number

One-time passcode using voice or SMS message.

{
    "valid": true
}

Example Request

{
    "app_id": "5db2a50be7626",
    "country_dial_code": "65",
    "phone_number": "909099999",
    "password": "1187aff0b00c31ea5961d392a1e51599",
    "passcode": "232971"
}

Errors This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing.

Error

Description

invalid_arguments

The method was called with invalid arguments.

invalid_arg_name

The method was passed an argument whose name falls outside the bounds of accepted or expected values.

invalid_passcode

The passcode is expired or invalid.

Last updated

Was this helpful?