post https://sandbox.mipisepaymentservices.com/api/login
Logs in an agent by providing username and password
API requests to MPS are secured through an authentication system based on login and password, along with the use of a JWT token to protect API access after authentication. Any request sent without proper authentication will be rejected.
Authentication Process
-
Authentication via login and password:
- Users must first authenticate through the dedicated authentication endpoint (
/login) by sending their login and password in aPOSTrequest with JSON format. - If authentication is successful, a JWT token (JSON Web Token) is returned in the response.
- This token must then be included in the headers of all subsequent requests to access protected API resources.
- Users must first authenticate through the dedicated authentication endpoint (
-
Using the JWT token for authenticated requests:
- Once the user receives their JWT token, it must be provided in the HTTP
Authorizationheader for every protected request. - The
Authorizationheader must have the following format:
- Once the user receives their JWT token, it must be provided in the HTTP
Authorization: Bearer <token>Security Requirements
- If a request is sent without the JWT token in the Authorization header, or if the token is invalid or expired, the API will return a 401 Unauthorized error.
JWT Token Management
- Token expiration: JWT tokens have a limited lifespan. Once expired, a new token must be obtained by re-authenticating with credentials via the
/loginendpoint. - Confidentiality: The JWT token must be kept secret and secure at all times.
This endpoint doesn't need a bearer authorization token (JWT), but every other need one.
This is because this endpoint will return a JWT token, to provide you access to all of the functionalities of the API.