Alice Onboarding uses JSON Web Tokens (JWT) to manage its authentication.
There are four different types of tokens:
LOGIN_TOKEN: basic access token.
BACKEND_TOKEN: for global operations only available in the backend (e.g. creating/deleting a user)
USER_TOKEN: for user-related operations available in the frontend (e.g. upload a selfie, upload a document…)
BACKEND_TOKEN_WITH_USER_ID: for backend operations related to users (e.g. delete user, get user’s report…)
LOGIN_TOKEN is required for obtaining the rest of the tokens.
BACKEND_TOKEN_WITH_USER_ID also require a
user_id, which is obtained when creating a new user in Alice Onboarding.
curl --request GET \ --url https://apis.alicebiometrics.com/onboarding/login_token \ --header 'apikey: <YOUR-API-KEY>'
curl --request GET \ --url https://apis.alicebiometrics.com/onboarding/backend_token \ --header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \ --url https://apis.alicebiometrics.com/onboarding/user_token/<user_id> \ --header 'Authorization: Bearer <LOGIN_TOKEN>'
curl --request GET \ --url https://apis.alicebiometrics.com/onboarding/backend_token/<user_id> \ --header 'Authorization: Bearer <LOGIN_TOKEN>'
All four tokens last for 60 minutes.
For security reasons, you must never use a
BACKEND_TOKEN or a
BACKEND_TOKEN_WITH_USER_ID in the frontend of your application or malicious users could discover them in your source code. You should only use them server-side.
Check the full API reference for more details.
If you are only interested in a trial test, you only need to worry about
USER_TOKENs. Please head over to Trial test section.
However, if you have chosen a full integration you will need to manage all of 4 tokens. Please head over to Full integration section.