Enablement Services Authentication

Authentication

Enablement Services supports multiple authorization scopes, depending on the level of access required.

API requests require a valid 'Authorization' header.

After creating the user, you’ll need to obtain a session token to access authenticated queries and mutations. To generate this token, use our Enablement Services Authentication endpoint. This request requires your client_id, client_secret, and the user_id returned from the registerUserOrganization mutation. Include the session token as a header in any subsequent requests requiring authentication.

Organization Scope

This scope is used to interact with organization-wide resources. It can be used to view all users, connections, and tradelines.

Client Credentials Authentication

Client Credentials auth is appropriate for server-to-server use cases. Don't expose your client credentials in client-side code, GitHub, or any other insecure location.

To use Client Credentials Authentication, pass the client credentials, separated by a colon, as the bearer token in the 'Authorization' header.

Authorization: Bearer ClientID:ClientSecret

User Scope

This scope is used to interact with an individual user's data.

Session Token Auth

Session token auth is the preferred method for interacting with user data from a client-side application. Use the login with client credentials endpoint to issue a session token on behalf of a user. Pass this session token in the 'Authorization' header and all requests will be scoped to that user.

Authorization: Bearer SESSION_TOKEN

Basic Auth

Another way to authenticate with the user scope is to make use of a combination of client credentials and user id. This authentication method should also only be used for server-to-server use cases.

To use Basic Auth, provide the Client Credentials and User ID, separated by colons and Base64-encoded.

Authorization: Basic < Base64-encoded ClientID:ClientSecret:UserId >
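
The three header formats above, built server-side, as an added example (not Enablement Services' own code). The function names, the control-character check, and the log redaction helper are assumptions made for this illustration, and all credential values are constructed placeholders. It also shows that the Basic value decodes straight back to the client secret, so it needs the same handling as the secret itself.

```python
import base64

def _check(name, value):
    # Reject empty values and any whitespace/control character, so a value
    # can never break out of the header line (CR/LF header injection).
    if not value or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError(f"invalid {name}")
    return value

def client_credentials_header(client_id, client_secret):
    """Organization scope, server-to-server only: Bearer ClientID:ClientSecret."""
    return {"Authorization": f"Bearer {_check('client_id', client_id)}:"
                             f"{_check('client_secret', client_secret)}"}

def session_token_header(session_token):
    """User scope: Bearer SESSION_TOKEN, the form preferred for client-side apps."""
    return {"Authorization": f"Bearer {_check('session_token', session_token)}"}

def basic_user_header(client_id, client_secret, user_id):
    """User scope, server-to-server only: Basic base64(ClientID:ClientSecret:UserId)."""
    parts = (("client_id", client_id), ("client_secret", client_secret),
             ("user_id", user_id))
    raw = ":".join(_check(name, value) for name, value in parts)
    return {"Authorization": "Basic " + base64.b64encode(raw.encode("utf-8")).decode("ascii")}

def decode_basic(headers):
    """Base64 is encoding, not encryption: the header yields the secret back."""
    scheme, _, value = headers["Authorization"].partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    return base64.b64decode(value).decode("utf-8")

def redact(headers):
    """Copy of the headers that is safe to log: keeps the scheme, drops the credential."""
    return {k: (v.partition(" ")[0] + " [REDACTED]" if k.lower() == "authorization" else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    h = basic_user_header("id_example", "secret_example", "user_example")
    print(redact(h))
    print(decode_basic(h))
```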