Authentication

Get your access token

Before doing any other API calls you have to obtain an auth token. It's a standard JWT token carrying the following payload:

{
  ...

  "iat": 1620967717,
  "exp": 1621054117
}

Tip: Use this handy website to parse the token contents: jwt.io

The token lifetime is 4 hours at this time. We might change this value in the future.

Warning! You can't log in more than once per second. This limit is in place to maintain platform stability.

To be more future-proof, it is recommended to parse the token payload and compare current time to the token's expiration time. JavaScript code:

const seconds = JSON.parse(Buffer.from(token.split(".")[1], "base64url")).exp;
if (Date.now() >= seconds*1000) {
  // get new token
}

This login mutation is a subject to change in the future.

Getting a token

After we enable you, go to the API Playground, click "DOCS" on the right to explore the possibilities.
Find there the login mutation. Execute it to obtain your access token. For example: mutation { login(input: {email: "YOUR_EMAIL" password: "YOUR_PWD"}) {token message} }
Click the "HTTP HEADERS" on the bottom and add this: {"authorization": "Bearer YOUR_TOKEN"}. Replace the YOUR_TOKEN with the token you just got.
Execute any other queries.

Here is an example of the login query.

We suggest always sending your queries and related data separately using the "QUERY VARIABLES" tab in the API playground or programmatically by submitting the variables as JSON.

const bodyJSON = {
  variables: {
    input: {
      email: "[email protected]",
      password: "12345678",
    },
  },
  query: `
mutation ($input: LoginInput!) {
  login(input: $input) {
    token message code success
  }
}`,
};

mutation($input: LoginInput!) {
  login(input: $input) {
    token
    message
    code
    success
  }
}

{
  "input": { 
    "email": "[email protected]", 
    "password": "12345678" 
  }
}

{
  "data": {
    "login": {
      "token": "YOUR_TOKEN",
      "message": "OK",
      "code": "SUCCESS",
      "success": true
    }
  }
}

If using API Playground then click the "HTTP HEADERS" on the bottom left and paste there the following (replace the YOUR_TOKEN with the value you have just received form the above mutation):

{
  "authorization": "Bearer YOUR_TOKEN"
}

Affiliation

Clients that have contractual agreements with more than one subsidiary of Flash Payments, can use the optional field affiliation to control which account to log into.

The affiliation field accepts one of two constant values - FP_AUS or FP_LUX - which are passed unquoted.

{
  "input": { 
    "email": "[email protected]", 
    "password": "12345678",
    "affiliation": FP_AUS 
  }
}

If the affiliation value does not correspond to an existent account, authentication will fail with code UNREGISTERED even if an account exists with another affiliation and the credentials are correct.

If the user has multiple affiliations and the field affiliation is omitted, authentication will fail with code NEED_AFFILIATION.

PreviousRequired fields NextQuote

Last updated 2 days ago

Was this helpful?