Inswitch APIs authentication and authorization is based on two levels, the first level is the use of API Key for channel authentication and the second level is the use of oAuth 2.0 for Entity authorization, see Wallet section for more information about Entities .
Since all Inswitch products are based on our Core Banking Platform, there must always be at least one entity present to represent the merchant's account. Thus, to use the API, an API key must be provided and OAuth 2.0 authentication must be performed.
The API Key should be pass in all API calls as the header apikey, additionally a token should be passed in the X-User-Bearer header. The token is obtained using the Auth_Service API
The Token Auth-Service API return two tokens:
By default, the access token expires after 5 minutes, and the refresh token expires after 30 minutes. However, both expiration times can be adjusted to meet the specific needs of the merchant. While the access token is active, it can be used multiple times.
Inswitch APIs authentication and authorization is based on two levels, the first level is the use of API Key for channel authentication and the second level is the use of oAuth 2.0 for Entity authorization, see Wallet section for more information about Entities .
Since all Inswitch products are based on our Core Banking Platform, there must always be at least one entity present to represent the merchant's account. Thus, to use the API, an API key must be provided and OAuth 2.0 authentication must be performed.
The API Key should be pass in all API calls as the header apikey, additionally a token should be passed in the X-User-Bearer header. The token is obtained using the Auth_Service API
The Token Auth-Service API return two tokens:
By default, the access token expires after 5 minutes, and the refresh token expires after 30 minutes. However, both expiration times can be adjusted to meet the specific needs of the merchant. While the access token is active, it can be used multiple times.
.png)
