API Authentication
Auth Overview
The system currently requires the following authentication methods:
API KEY: The API Key is required to access any endpoint of the system. The API Key is also linked to the whitelisted host or IP addresses allowed to send requests.
JWT Access Token: The access token is returned when signing, logging in, and refreshing an existing access token. The access token should be used as a bearer token provided in the request header as follows
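A server-side sketch of the two checks described above, added here as an illustration and not taken from the system's own code. The `X-API-Key` header name, the key value and the allowlist entries are constructed assumptions, the allowlist covers IP addresses and networks only (not host names), and JWT signature validation is left out because the page does not specify the signing scheme.

```python
import hmac
import ipaddress

# Constructed sample data: API key -> networks allowed to use it.
API_KEY_ALLOWLIST = {
    "demo-key-123": ["203.0.113.0/24", "198.51.100.7/32"],
}


def api_key_allowed(api_key, source_ip):
    """Return True only if the key exists and source_ip is in its allowlist."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    allowed = False
    # Compare against every stored key in constant time so response timing
    # does not reveal how much of a guessed key matched.
    for known_key, networks in API_KEY_ALLOWLIST.items():
        if hmac.compare_digest(known_key.encode(), (api_key or "").encode()):
            allowed = any(addr in ipaddress.ip_network(n) for n in networks)
    return allowed


def bearer_token(headers):
    """Extract the token from an 'Authorization: Bearer <token>' header."""
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or " " in token:
        return None
    return token


def authenticate(headers, source_ip):
    """Apply both checks in order; return (ok, token_or_reason)."""
    # "X-API-Key" is a hypothetical header name chosen for this example.
    if not api_key_allowed(headers.get("X-API-Key"), source_ip):
        return False, "api key rejected"
    token = bearer_token(headers)
    if token is None:
        return False, "missing or malformed bearer token"
    # Signature, expiry and audience validation of the JWT would follow here
    # with the service's own keys; the page does not specify them.
    return True, token
```

The source address passed in should be the connection's peer address as seen by the server, not a client-supplied forwarding header, otherwise the allowlist can be bypassed.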
Terminology
ClientAuthPubKey (aka deviceAuthPubKey): This is a user- or client-generated authentication public key used for message encryption and signature verification.
ClientAuthPrivKey (aka deviceAuthPubKey): This is a user- or client-generated authentication private key used for message decryption and signing.
WallabyAuthPubKey: This is a Wallaby-generated authentication public key associated with a certain user or client, used for message encryption and signature verification.
WallabyAuthPrivKey: This is a Wallaby-generated authentication private key associated with a certain user or client, used for message decryption and signing.
Seed or Mnemonic or Recovery phrase: This is the series of words from which all asset keys are derived; it is considered the asset list holding credential in the entire system.
Secure Remote Password protocol: The system mostly uses the SRP protocol for authentication.