Both the REST API and the client-side SDK require authenticating your application to the Fordefi server:
- The REST API requires an API User access token, which identifies your backend application to the Fordefi server. This token is not scoped to a particular end user of yours, and has full access to all the data in your Fordefi workspace (again, except end-user MPC shares). As such, this token must never be passed to the client side.
- The SDK requires an end-user authorization token, which identifies an individual end user to the Fordefi server. This token is scoped to a particular end user.
You can generate API User access tokens for your application on the Fordefi Web Console, as described in the REST API User Guide. Your backend application can then use the Issue Authorization Token API call to generate end-user authentication tokens for individual users. You must then pass the authorization token to your client-side application, which should subsequently pass it to the login function of the Fordefi SDK. You will probably do this whenever the user logs into your application.
Token Expiration
Each end user can have up to ten active tokens at any time. By default, the token is valid for 24 hours, but you can set the value of your choice using the expiration argument.
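
The following backend sketch is an added example, not Fordefi code. It keeps the API User token server-side and reuses an unexpired end-user token on repeated logins, so a user who logs in often stays within the ten-active-token limit. The `issue` callable (a stand-in for the Issue Authorization Token API call), the `FORDEFI_API_USER_TOKEN` variable, the response field names, the lifetime in seconds and the five-minute refresh margin are all assumptions.

```python
import os
import time
from typing import Callable, Dict, Tuple

DEFAULT_TTL = 24 * 60 * 60  # page: tokens are valid for 24 hours by default
REFRESH_MARGIN = 5 * 60     # assumption: reissue when under 5 minutes remain


class EndUserTokenBroker:
    """Backend-only: holds the API User token, hands out end-user tokens."""

    def __init__(self, api_user_token: str,
                 issue: Callable[[str, str, int], str],
                 now: Callable[[], float] = time.time):
        self._api_user_token = api_user_token  # never leaves this process
        self._issue = issue  # hypothetical wrapper around the real API call
        self._now = now
        self._cache: Dict[str, Tuple[str, float]] = {}  # user -> (token, expiry)

    def token_for(self, user_id: str, ttl: int = DEFAULT_TTL) -> dict:
        """Return the payload that is safe to send to this user's client."""
        cached = self._cache.get(user_id)
        if cached and cached[1] - self._now() > REFRESH_MARGIN:
            token, expires_at = cached  # reuse: no new active token is created
        else:
            token = self._issue(self._api_user_token, user_id, ttl)
            expires_at = self._now() + ttl
            self._cache[user_id] = (token, expires_at)
        payload = {"authorization_token": token, "expires_at": int(expires_at)}
        # Guard: the workspace-wide credential must not appear in a response.
        if self._api_user_token in str(payload):
            raise RuntimeError("API User token must never reach the client")
        return payload


def fake_issue(api_user_token: str, user_id: str, ttl: int) -> str:
    """Constructed stand-in for the real API call; counts calls per user."""
    fake_issue.calls[user_id] = fake_issue.calls.get(user_id, 0) + 1
    return f"enduser-{user_id}-{fake_issue.calls[user_id]}"
fake_issue.calls = {}

if __name__ == "__main__":
    clock = [1_000_000.0]
    api_token = os.environ.get("FORDEFI_API_USER_TOKEN", "demo-api-token")
    broker = EndUserTokenBroker(api_token, fake_issue, now=lambda: clock[0])
    for _ in range(25):  # 25 logins, one minute apart, within one hour
        out = broker.token_for("user-1", ttl=3600)
        clock[0] += 60
    print(out, fake_issue.calls)
```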