Authentication

Authentication is a crucial aspect of our IDMkyc RESTful API implementation, providing a means to verify the identity of clients attempting to access our services. API Authentication serves as a barrier between unauthorized users and our APIs, ensuring that only an authenticated and authorized users can access our sensitive services.

IDMkyc API utilizes a token-based authentication to ensure secure access to our APIs. Clients and users are required to obtain a temporary token after successful authentication. These tokens are required to be included in subsequent API requests to prove the client's identity.

Pre-Requisites

  • Make sure you've the credentials used to login in to the Developer Portal.

  • Also, make sure you've the Sandbox & Production "consumer key" & "consumer secret" available with you.

Method 1: Generate token using Password Grant type

This method allows user to generate token by using username & password, with base64 encoded “Consumer Key” and “Consumer Secret”.

Sample cURL:

curl --location 'https://gw.idmerit.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Base64(consumer-key:consumer-secret)' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username={{username}}' \
--data-urlencode 'password={{password}}'

Sample Response:

{
 "access_token": "ac3*****-****-****-****-*********5da",
 "refresh_token": "f5f*****-****-****-****-*********a3e",
 "scope": "default",
 "token_type": "Bearer",
 "expires_in": 3600
}

Method 2: Generate token using Client Credentials

Using the base64 encoded “Consumer Key” and “Consumer Secret”, user can easily generate the token to access the application. By default, the token validity period is set to 3600 seconds. (If you’ve previously generated a non-expiry token, this method will always return the non-expiry token)

Sample cURL:

curl --location 'https://gw.idmerit.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Base64(consumer-key:consumer-secret)' \
--data-urlencode 'grant_type=client_credentials'

Sample Response:

{
 "access_token": "j80*****-****-****-****-*********lja",
 "scope": "am_application_scope default",
 "token_type": "Bearer",
 "expires_in": 3600
}

Method 3: Generate token via Developer Portal

IDMkyc Developer offers option to generate token. (If you’ve previously generated a non-expiry token, this method will always return the non-expiry token.) Please follow below steps to generate token via Developer Portal:

  1. Open the link: https://apim.idmerit.com/devportal/apis

  2. Login using your username-password

  3. Select “Application” tab.

  1. Go to Sandbox Keys or Production Keys, and click on "Generate Access Token".

  1. Enter the desired validity period. By default, the validity period is set to 3600 seconds. Click on “Generate” to generate a token.

  1. This will return an access token. Please copy and use this token while using IDMkyc APIs.

PreviousAPI ReferenceNextCreating Requests

Last updated