
Authentication

OAuth2 Flow

Park Avenue Finance uses OAuth2 with the client credentials grant type to authenticate your API requests. During registration you are issued a username and password, and you exchange these credentials for a token. Store them securely on your side once they have been issued to you: anyone holding them can obtain tokens for your account.

Note: In the production, sandbox and development environments alike, the Time-To-Live (TTL) of each token is 24 hours. Build token refresh into your client so that a new token is fetched shortly before the current one expires, rather than after a request has already failed with an expired token.

Workflow

Authentication Process

The authentication process is an essential part of ensuring secure access to our system. It consists of several steps, designed to verify the identity of users and grant appropriate access rights. Here's a detailed explanation of each step:

1. Contact Admin

  • Action: Users start by requesting an account on the platform.
  • Method: Contact the admin and request access to the system, providing an email address.
  • Details: The admin will set up an account for you and send you an email containing an initial password.

2. Login

  • Action: Once the account is set up, users can log in.
  • Method: Log in by calling the /auth/login API with the credentials issued by the admin.
  • Result: A successful login returns a token to the user.

3. Reset your Password

  • Action: After the first login, users must change the admin-issued password.
  • Method: This is done by calling the /auth/change-password API.
  • Result: Once the password has been changed, only the account holder knows it, which establishes ownership of the account.

4. Token Validity

  • Duration: The obtained token has a 24-hour lifespan; request a new one before it expires.
  • Importance: Every call to the API after login must present this token, so an expired or missing token will be rejected.

5. Using the Authorization Header

  • Action: Every request after logging in must include an Authorization header.
  • Format: The header has the form Authorization: Bearer <AUTH_TOKEN>, where <AUTH_TOKEN> is the token returned by /auth/login.
  • Purpose: The header lets the API authenticate and authorize each request individually.

Each of these steps plays a part in safeguarding our system and users' data, ensuring that only authorized personnel have access to sensitive information and functionality.
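The workflow above (login, password change, 24-hour token TTL and the Bearer header) as one runnable client, added here as an example that is not Park Avenue Finance's own code. The page does not specify request or response bodies, so the JSON shapes for /auth/login and /auth/change-password ({"username", "password"} in, {"token"} out, {"new_password"} for the change), the 5-minute refresh margin, the /accounts endpoint, the user alice@example.com and the FakeServer/FakeClock stand-ins are all assumptions made so the example runs offline; only the paths, the Bearer header format and the 24-hour TTL come from the documentation.

```python
import time
from typing import Callable, Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 24 * 60 * 60      # 24-hour token TTL stated by the docs
REFRESH_MARGIN_SECONDS = 5 * 60       # assumed: re-login 5 minutes before expiry

# Transport signature: (method, path, headers, json_body) -> (status, json_body)
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, dict]]


class ApiClient:
    """Logs in at /auth/login, caches the bearer token and refreshes it early."""

    def __init__(self, username: str, password: str, transport: Transport,
                 clock: Callable[[], float] = time.time) -> None:
        self._username, self._password = username, password
        self._transport, self._clock = transport, clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _login(self) -> None:
        # Assumed request/response shape: JSON credentials in, {"token": ...} out.
        status, body = self._transport("POST", "/auth/login", {},
                                       {"username": self._username, "password": self._password})
        if status != 200 or "token" not in body:
            raise RuntimeError(f"login failed: HTTP {status} {body}")
        self._token = body["token"]
        self._expires_at = self._clock() + TOKEN_TTL_SECONDS

    def token(self) -> str:
        # Pre-fetch: refresh before the TTL elapses instead of reacting to a 401.
        if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN_SECONDS:
            self._login()
        return self._token

    def auth_headers(self) -> Dict[str, str]:
        return {"Authorization": f"Bearer {self.token()}"}   # header format from the docs

    def get(self, path: str) -> Tuple[int, dict]:
        return self._transport("GET", path, self.auth_headers(), None)

    def change_password(self, new_password: str) -> Tuple[int, dict]:
        # Assumed body shape for /auth/change-password; the call carries the bearer token.
        status, body = self._transport("POST", "/auth/change-password",
                                       self.auth_headers(), {"new_password": new_password})
        if status == 200:
            self._password = new_password      # later re-logins must use the new password
        return status, body


class FakeClock:
    """Constructed controllable clock so the example can jump ahead 24 hours."""
    def __init__(self, start: float = 1_700_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class FakeServer:
    """Constructed stand-in for the API; enforces the 24-hour TTL server-side."""
    def __init__(self, users: Dict[str, str], clock: Callable[[], float]) -> None:
        self._users, self._clock = dict(users), clock
        self._tokens: Dict[str, Tuple[str, float]] = {}   # token -> (user, expires_at)
        self._issued = 0

    def _user_for(self, headers: Dict[str, str]) -> Optional[str]:
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        entry = self._tokens.get(token) if scheme == "Bearer" else None
        if entry is None or self._clock() >= entry[1]:
            return None                    # missing, unknown or expired token
        return entry[0]

    def handle(self, method: str, path: str, headers: Dict[str, str],
               body: Optional[dict]) -> Tuple[int, dict]:
        body = body or {}
        if (method, path) == ("POST", "/auth/login"):
            if self._users.get(body.get("username")) != body.get("password"):
                return 401, {"error": "invalid credentials"}
            self._issued += 1
            token = f"tok-{self._issued}"
            self._tokens[token] = (body["username"], self._clock() + TOKEN_TTL_SECONDS)
            return 200, {"token": token}
        user = self._user_for(headers)
        if user is None:
            return 401, {"error": "unauthorized"}
        if (method, path) == ("POST", "/auth/change-password"):
            self._users[user] = body["new_password"]
            return 200, {"changed": True}
        if (method, path) == ("GET", "/accounts"):
            return 200, {"user": user, "accounts": ["ACC-001", "ACC-002"]}  # constructed data
        return 404, {"error": "not found"}


def run_demo() -> dict:
    """Walk the documented workflow and return what each step observed."""
    clock = FakeClock()
    server = FakeServer({"alice@example.com": "temp-Pa55"}, clock)   # admin-issued credentials
    client = ApiClient("alice@example.com", "temp-Pa55", server.handle, clock)
    out = {}
    out["first_token"] = client.auth_headers()["Authorization"]         # step 2: "Bearer tok-1"
    out["change_status"] = client.change_password("own-S3cret!")[0]    # step 3: 200
    clock.advance(23 * 3600)
    out["token_at_23h"] = client.auth_headers()["Authorization"]       # still tok-1
    clock.advance(3600 - 60)                                           # one minute before TTL
    out["token_before_expiry"] = client.auth_headers()["Authorization"]  # pre-fetched: tok-2
    clock.advance(120)                                                 # tok-1 is now expired
    out["stale_token_status"] = server.handle("GET", "/accounts",
                                              {"Authorization": "Bearer tok-1"}, None)[0]
    try:   # the admin-issued password no longer works after step 3
        ApiClient("alice@example.com", "temp-Pa55", server.handle, clock).get("/accounts")
        out["old_password_rejected"] = False
    except RuntimeError:
        out["old_password_rejected"] = True
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The refresh check lives in token(), so every request goes through the same pre-expiry test and a long-running client never sends a token it already knows is about to die; the FakeServer shows the other side of that contract by rejecting the stale token with 401 once the TTL has passed. Against the real API, replace server.handle with a function that performs the HTTPS request and returns the parsed JSON.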