Tokens¶
Alice Onboarding uses JSON Web Tokens (JWT) to manage its authentication.
There are four different types of tokens:
LOGIN_TOKEN
: basic access token.BACKEND_TOKEN
: for global operations only available in the backend (e.g. creating/deleting a user)USER_TOKEN
: for user-related operations available in the frontend (e.g. upload a selfie, upload a document…)BACKEND_TOKEN_WITH_USER_ID
: for backend operations related to users (e.g. delete user, get user’s report…)
The LOGIN_TOKEN
is required for obtaining the rest of the tokens.
Both USER_TOKEN
and BACKEND_TOKEN_WITH_USER_ID
also require a user_id
, which is obtained when creating a new user in Alice Onboarding.
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/login_token \
--header 'apikey: <YOUR-API-KEY>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/backend_token \
--header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/user_token/<user_id> \
--header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/backend_token/<user_id> \
--header 'Authorization: Bearer <LOGIN_TOKEN>'
All four tokens last for 60 minutes.
For security reasons, you must never use a BACKEND_TOKEN
or a BACKEND_TOKEN_WITH_USER_ID
in the frontend of your application or malicious users could discover them in your source code. You should only use them server-side.
See also
Check the full API reference for more details.
If you are only interested in a trial test, you only need to worry about USER_TOKENs
. Please head over to Trial test section.
However, if you have chosen a full integration you will need to manage all of 4 tokens. Please head over to Full integration section.