# Authentication

All Intergiro API endpoints are protected and require a valid JWT access token supplied with each request.

Example API request using access_token:

 


 

GET /v1/transactions

Content-Type: application/json
Authorization: Bearer <access_token>

# Session

API keys are used for logging in and are provided separately. Each API key has specific permissions assigned, which can only be specified when creating a new API key. Only users having a set of API key manage permissions can create, renew, list or delete API keys.

The API key acts on behalf of a company. It's very important to make sure it is properly secured. In case of any issues or questions with API keys, please contact our customer support.

Session API endpoints allow you to obtain and subsequently renew access tokens.

# Logging in

Example Login request:

 




 


POST /v1/auth/login

Content-Type: application/json

{
  "api_key": "c5f90f4b-9d69-416a-8611-8a8c8d605c36"
}

Response:

 


 



HTTP 200 OK

{
  "access_token": "eyJraWQiOiIxIiwiYWxnIjoi...",
  "refresh_token": "eyJzZXNzaW9uSWQiOiJmMjUa..."
}

Successful login request returns access_token and refresh_token.

WARNING

It is important that you keep refresh_token around, in case the session expires and you need to renew the access token. Not relying on refresh tokens may trigger fraud prevention mechanisms that may lead to service disruption.

# Refreshing token

Whenever an API call returns a 401 Unauthorized response, it means the session has expired and the access token must be renewed. This can be achieved by calling POST /auth/refresh endpoint.

TIP

Refresh token lasts for the duration of the whole session - so as soon as session itself is expired, then the refresh token becomes invalid.

Example refresh access token request:

 




 


POST /v1/auth/refresh

Content-Type: application/json

{
  "refresh_token": "c5f90f4b-9d69-416a-8611-8a8c8d605c36"
}

Response

 


 



HTTP 200 OK

{
  "access_token": "eyJraWQiOiIxIiwiYWxnIjoi...",
  "refresh_token": "eyJzZXNzaW9uSWQiOiJmMjUa..."
}

Whether it's the first time logging in or refreshing an existing expired session, always keep the latest refresh_token for the next renewal.

WARNING

Please be aware that a token refresh attempt should be performed only after the access token has expired. Attempts to prematurely refresh a token will result in an error.