There are two parts of the authentication for applications that employ the Fordefi SDK:

  1. Customer backend using REST API calls: Using an API user access token as described in the REST API User Guide.
  2. Users' mobile SDK operations: Using a unique authorization token that is generated for each end user. The authorization token is passed to the SDK using the login method and is valid for 24 hours.

The following code example shows how to pass the authorization token to the SDK for login:

async function initLogin() {
  try {
    const userId = await login('my-auth-token');
    console.log(`logged in successfully with user Id ${userId}!`);
  } catch (e) {
    const error = e as FordefiSdkErrorResult;
      `there was an error. error code :${error.code}, error message: ${error.message}`
import com.fordefi.fordefi.Fordefi
import com.fordefi.fordefi.FordefiError

class MainActivity: ComponentActivity() {
  var fordefi: Fordefi ? = null
  private val authToken = "<AUTH_TOKEN>"

  override fun onCreate(savedInstanceState: Bundle ? ) {
      fordefi!!.login(authToken) {
        userID: String ? ,
        error: FordefiError ? ->
          handleLogin(userID, error)

  private fun handleLogin(userID: String ? , error : FordefiError ? ) {
    if (error == null) {
      Log.i("FordefiSDK", "Successful login. User ID: ${userID!!}")
    } else {
      Log.i("FordefiSDK", String.format("Failed login: %s", error.description()))
import FordefiSdk

class ViewController: UIViewController {
  private var fordefi: Fordefi?
  private let authToken = "<AUTH_TOKEN>"

  override func viewDidAppear(_ animated: Bool) {
    self.fordefi!.login(authToken: authToken) { userID, error in
      self.handleLogin(userID: userID, error: error)

  private func handleLogin(userID: String?, error: FordefiError?) {
    if error != nil {
      print("Login failed. Error: \(error!.errorDescription!)")
    print("User: \(userID!) is logged in")

// user auth token issued by API user
const userId = await fordefi.login(userAuthToken);

Create new authorization tokens

Each authorization token is valid for 24 hours. You will need to generate new tokens using the Issue Authorization Token API call. Each end user can have up to ten active tokens at any time.