Tokens

Alice Onboarding uses JSON Web Tokens (JWT) to manage its authentication.

There are four different types of tokens:

  1. LOGIN_TOKEN: basic access token.

  2. BACKEND_TOKEN: for global operations only available in the backend (e.g. creating/deleting a user)

  3. USER_TOKEN: for user-related operations available in the frontend (e.g. upload a selfie, upload a document…)

  4. BACKEND_TOKEN_WITH_USER_ID: for backend operations related to users (e.g. delete user, get user’s report…)

The LOGIN_TOKEN is required for obtaining the rest of the tokens. Both USER_TOKEN and BACKEND_TOKEN_WITH_USER_ID also require a user_id, which is obtained when creating a new user in Alice Onboarding.

curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/login_token \
--header 'apikey: <YOUR-API-KEY>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/backend_token \
--header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/user_token/<user_id> \
--header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \
--url https://apis.alicebiometrics.com/onboarding/backend_token/<user_id> \
--header 'Authorization: Bearer <LOGIN_TOKEN>'

All four tokens last for 60 minutes. For security reasons, you must never use a BACKEND_TOKEN or a BACKEND_TOKEN_WITH_USER_ID in the frontend of your application or malicious users could discover them in your source code. You should only use them server-side.

See also

Check the full API reference for more details.

If you are only interested in a trial test, you only need to worry about USER_TOKENs. Please head over to Trial test section.

However, if you have chosen a full integration you will need to manage all of 4 tokens. Please head over to Full integration section.