Authentication

We aim to have our integration with Pre-Trade be as fast as possible, alongside being easily testable by our technical users. In order to facilitate this, we offer two types of authentication.

🎫 Bearer Authentication (Recommended)

Token Retrieval

To retrieve a bearer token, use the Token (POST /auth/token) endpoint, using the credentials of an API User as per other FundApps REST endpoints.

Authorization: Basic ZmFrZUBmdW5kYXBwcy5jbzpwYXNzd29yZA==

The response will return a payload including a JWT in the token field

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkppbSBKYW1lcyIsImlhdCI6MTUxNjIzOTAyMn0.q-KVI1vt88Wj2jJZRZY5yb76o1dN5oJpNZrHHWzOljE",
    "refreshToken": null
}

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkppbSBKYW1lcyIsImlhdCI6MTUxNjIzOTAyMn0.q-KVI1vt88Wj2jJZRZY5yb76o1dN5oJpNZrHHWzOljE",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}

🚧

Refresh Tokens are not yet supported

Subsequent Requests

For each subsequent request for all authorised endpoints, the bearer token should be included in the Authorization header of a request.

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkppbSBKYW1lcyIsImlhdCI6MTUxNjIzOTAyMn0.q-KVI1vt88Wj2jJZRZY5yb76o1dN5oJpNZrHHWzOljE

📘

Each token has a 24 hour lifetime. Request made after 24 hours using that token will respond with an unauthorised error code and a new token will need to be requested

🔐 Basic Authentication

Basic Authentication is also available for all authorised endpoints. Please see the Common Workflow page for further information.

🚧

Using Basic Authentication is slower than Token Authentication. We recommend only using for testing.