Authentication

All Intergiro API endpoints are protected and require a valid JWT access token supplied with each request.

Example API request using access_token:

GET /v3/individuals

Content-Type: application/json
Authorization: Bearer <access_token>

Session

API keys are used for logging in and are provided separately. Make sure to secure it properly and feel free to contact the Integration manager in case of questions.

Session API endpoints allow you to obtain and subsequently renew access tokens.

Logging in

Example Login request:

POST /v3/auth/login

Content-Type: application/json

{
  "api_key": "c5f90f4b-9d69-416a-8611-8a8c8d605c36"
}

Response:

HTTP 200 OK

{
  "access_token": "eyJraWQiOiIxIiwiYWxnIjoi...",
  "refresh_token": "eyJzZXNzaW9uSWQiOiJmMjUa..."
}

Successful login request returns access_token and refresh_token.

WARNING

It is important that you keep refresh_token around, in case the session expires and you need to renew the access token. Not relying on refresh tokens may trigger fraud prevention mechanisms that may lead to service disruption.

Refreshing token

Whenever an API call returns 401 Unauthorized response, it means the session has expired and the access token must be renewed. This can be achieved by calling POST /auth/refresh endpoint.

Example refresh access token request:

POST /v3/auth/refresh

Content-Type: application/json

{
  "refresh_token": "c5f90f4b-9d69-416a-8611-8a8c8d605c36"
}

Response

HTTP 200 OK

{
  "access_token": "eyJraWQiOiIxIiwiYWxnIjoi...",
  "refresh_token": "eyJzZXNzaW9uSWQiOiJmMjUa..."
}

Whether it's the first time logging in or refreshing existing expired session, always keep the latest refresh_token for the next renewal.

WARNING

Please be aware that token refresh attempt should be performed only after access token has expired. Attempts to prematurely refresh token will end with an error.