Authentication

Learn how to authenticate with different Venly products.

Introduction

Authentication is a crucial process that ensures only authorized users or applications can access resources. It involves verifying the identity of the entity attempting to access the system. Proper authentication is essential for maintaining the security and integrity of your system and its data.

This guide will discuss the different types of authentication required for different Venly products.

Authenticting with Venly

Venly services are categorized into two parts. The first is the API products, which contain the Wallet-API, NFT-API, PAY-API, and Market-API. These API products are authenticated via OAuth.

The second category contains only one product, the Widget, which is a JavaScript SDK, and uses a different method of authentication. The Widget is authenticated using a ClientID and whitelisted domains.

This guide will go into the details on how to authenticate depending on the product.

API Products Authentication

In this section, we will discuss how to authenticate to our Venly API products which contain the Wallet-API, NFT-API, PAY-API, and Market-API.

๐Ÿ“˜

Venly uses OAuth + JWT authorization for its APIs.

Prerequisites

  1. You need a Venly business account, if you don't have one, click here to register in our Developer Portal.
  2. You need an active trial or paid subscription of any API product. For example, you can start a 30-day free trial for the Wallet-API as shown below.
  3. Save your Client ID and Client Secret from the Portal as shown below.
Starting a trial subscription and obtaining a Client ID and App Secret

Starting a trial subscription and obtaining a Client ID and Client Secret

Authentication Flow Diagram

API Products Authentication Flow

API Products Authentication Flow

Authentication Steps

To authenticate calls for API products, follow these steps:

  1. Obtain Client Credentials: Get your client_id and client_secret from the Developer Portal.

  2. Request Access Token: Make a POST request to the token endpoint with your client credentials to get an access_token (bearer token).

๐Ÿšง

There are two types of access credentials:

  • Sandbox Credentials (For the sandbox environment)
  • Production Credentials (For the production environment)

You can switch between the access credentials from the Portal by hitting the toggle button.

  • Sandbox Environment Endpoint:

    POST https://login-sandbox.venly.io/auth/realms/Arkane/protocol/openid-connect/token
    
  • Production Environment Endpoint:

    POST https://login.venly.io/auth/realms/Arkane/protocol/openid-connect/token
    
  • Request Body:

    {
        "grant_type": "client_credentials",
        "client_id": "<your_client_id>",
        "client_secret": "<your_client_secret>"
    }
    
  1. Use Access Token: Include the access_token in the Authorization header of your API requests as a Bearer token.
Authorization: Bearer <your_access_token>
  1. Refresh Token (if needed): If your access token expires, request a new one using the same process.

๐Ÿ“˜

  • The refresh_token is provided but is deprecated and should not be used to receive a new access_token. Use the same method to request a new access token instead.
  • The access token is valid for 6 minutes. After 6 minutes, you will need to request a new access token. This can be done by performing the same call as above.

Using the Bearer token in the API calls

In the result of the previous call, an access_token is returned. This access_token needs to be passed with every API call that you do (as a Bearer token in the authorization header).

To run API calls on our documentation tool, you can enter the access_token as shown below to authenticate calls:

Entering Bearer Token to Authenticate API Calls

Entering Bearer Token to Authenticate API Calls

Video Guide

๐Ÿ‘

Next you can read the overview of the Venly API-Products:

Widget Authentication

Next, we will look at authenticating the widget, which is done using the ClientID and whitelisting domains.

Prerequisites

To get started with the Widget, ensure you have the following:

  1. Widget Subscription: You need a trial or paid subscription of the Widget, which can be done from the Developer Portal.
  2. Client ID: Obtain your Client ID from the Developer Portal.
  3. Log-out Redirect URL: Specify where customers should be redirected after logging out.
  4. Whitelist Domains: List the domains from which the widget will be initialized.

Authentication Steps

To communicate with the Widget, a Client ID is required along with whitelisted domains.

  1. You need a Venly business account, if you don't have one, click here to register in our Developer Portal, or follow our step-by-step guide, Getting Started with Venly.
  2. You need an active trial or paid subscription of the Wallet Widget. You can start a 30-day free trial as shown below.
  3. You need your Client ID which can be obtained from the Portal as shown below.
Starting a trial subscription and obtaining a Client ID

Starting a trial subscription and obtaining a Client ID

  1. You will also need to:
    1. Add a log-out redirect URL (optional)
    2. Whitelist the domains you will be using the widget from
Starting a trial subscription and obtaining a Client ID

Whitelist domains

๐Ÿ‘

Now you should have the Client ID and whitelisted domains. Next we will learn how to initialize the Widget.

Conclusion

Authentication is a critical aspect of securing access to resources. By following best practices and using secure authentication methods, you can protect your system and its data from unauthorized access.

To learn more about best security practices for API security, please refer to the guide below.

๐Ÿ“˜

Learn more about the best practices for API security.