Integration Guide for Banks
Authentication

How to log in to the system with an employee's credentials


Last updated 1 year ago

In order to work with DCM you should log in to the system.

If you use your own JWT, you don't need to authenticate via the API.

The purpose of authentication is to restrict access to crypto-identifications and account information only to those who are explicitly allowed to do so.

Please use the following URL host for authentication: api.{your_alias}.integrate

What steps should you take for authentication?

Precondition: The employee should be registered (see function Create employee).

  1. Create Log-in Flow

  2. Log in

In the body of the request, fill in the user's parameters (e-mail, password) that you provided at registration.

It is important that the body is sent in x-www-form-urlencoded format.

Example:

    curl --location 'https://api.xxx.processing-stage.dcm.systems/kratos/self-service/login?flow=xxx' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'csrf_token=xxx' \
    --data-urlencode 'identifier=xxx@mail.com' \
    --data-urlencode 'method=password' \
    --data-urlencode 'password=xxx'

If the request succeeds, the response body contains the parameter session_token.

The session token must be sent in the HTTP Authorization header for all other API requests (not applicable when JWT by Bank is used):

    Authorization: bearer ${session-token}
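
The two steps above as one small client, added here as an example (not code from DCM or from this guide). The endpoints, form fields and header format come from this page; the function names are assumptions, and the host you pass in is your own authentication host.

```python
import json
import urllib.parse
import urllib.request

def base_url(host):
    """Build the HTTPS login URL; reject anything that is not a bare host name."""
    if not host or "/" in host or "@" in host:
        raise ValueError("host must be a bare host name without scheme or path")
    return f"https://{host}/kratos/self-service/login"

def build_flow_request(host):
    """Step 1: GET that creates a login flow for a native (non-browser) client."""
    return urllib.request.Request(base_url(host) + "/api", method="GET",
                                  headers={"Accept": "application/json"})

def flow_id_from(body):
    """Read the flow id (the "id" field) from the step-1 response body."""
    flow_id = json.loads(body).get("id")
    if not flow_id:
        raise ValueError("login flow response has no id")
    return flow_id

def build_login_request(host, flow_id, email, password, csrf_token=""):
    """Step 2: POST the credentials as x-www-form-urlencoded, as the guide requires."""
    form = urllib.parse.urlencode({"csrf_token": csrf_token, "identifier": email,
                                   "method": "password", "password": password})
    url = base_url(host) + "?" + urllib.parse.urlencode({"flow": flow_id})
    return urllib.request.Request(url, data=form.encode(), method="POST", headers={
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded"})

def auth_header(body):
    """Turn the step-2 response body into the header for all later API calls."""
    token = json.loads(body).get("session_token")
    if not token:
        raise ValueError("login response has no session_token")
    return {"Authorization": f"bearer {token}"}

def login(host, email, password):
    """Run both steps against a live host. The result is a credential: never log it."""
    with urllib.request.urlopen(build_flow_request(host), timeout=10) as resp:
        flow_id = flow_id_from(resp.read())
    request = build_login_request(host, flow_id, email, password)
    with urllib.request.urlopen(request, timeout=10) as resp:
        return auth_header(resp.read())
```

With urllib, the 4xx responses of the login endpoint surface as urllib.error.HTTPError, so a failed login never reaches auth_header.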


Submit a Login Flow

post

Use this endpoint to complete a login flow.

Query parameters
  • flow (string, required): The Login Flow ID

The value for this parameter comes from the flow URL query parameter sent to your application (e.g. /login?flow=abcde).

Header parameters
  • Cookie (string, optional): HTTP Cookies

When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected.

Body
one of (optional)

Responses
  • 200: successfulNativeLogin (application/json)
  • 303: Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.
  • 400: loginFlow (application/json)
  • 410: errorGeneric (application/json)
  • 422: errorBrowserLocationChangeRequired (application/json)
  • default: errorGeneric (application/json)

POST /kratos/self-service/login?flow={{id}} HTTP/1.1
Host: {{url_host}}
Content-Type: application/json
Accept: */*
Content-Length: 75

{
  "csrf_token": "text",
  "identifier": "text",
  "method": "text",
  "password": "text"
}

Response (200):

{
  "...": null,
  "session_token": "text"
}

Create Login Flow for Native Apps

get

This endpoint initiates a login flow for native apps that do not use a browser, such as mobile devices, smart TVs, and so on. The response contains the flow_id, which you use to log in at the next step.

Responses
  • 200: loginFlow (application/json)
  • 400: errorGeneric (application/json)
  • default: errorGeneric (application/json)

GET /kratos/self-service/login/api HTTP/1.1
Host: {{url_host}}
Accept: */*

Response (200):

{
  "active": "password",
  "created_at": "2025-06-17T08:41:40.361Z",
  "expires_at": "2025-06-17T08:41:40.361Z",
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "issued_at": "2025-06-17T08:41:40.361Z",
  "oauth2_login_challenge": "text",
  "oauth2_login_request": {
    "challenge": "text",
    "client": {
      "allowed_cors_origins": [
        "text"
      ],
      "audience": [
        "text"
      ],
      "authorization_code_grant_access_token_lifespan": "text",
      "authorization_code_grant_id_token_lifespan": "text",
      "authorization_code_grant_refresh_token_lifespan": "text",
      "backchannel_logout_session_required": true,
      "backchannel_logout_uri": "text",
      "client_credentials_grant_access_token_lifespan": "text",
      "client_id": "text",
      "client_name": "text",
      "client_secret": "text",
      "client_secret_expires_at": 1,
      "client_uri": "text",
      "contacts": [
        "text"
      ],
      "created_at": "2025-06-17T08:41:40.361Z",
      "frontchannel_logout_session_required": true,
      "frontchannel_logout_uri": "text",
      "grant_types": [
        "text"
      ],
      "implicit_grant_access_token_lifespan": "text",
      "implicit_grant_id_token_lifespan": "text",
      "jwks": null,
      "jwks_uri": "text",
      "jwt_bearer_grant_access_token_lifespan": "text",
      "logo_uri": "text",
      "metadata": null,
      "owner": "text",
      "policy_uri": "text",
      "post_logout_redirect_uris": [
        "text"
      ],
      "redirect_uris": [
        "text"
      ],
      "refresh_token_grant_access_token_lifespan": "text",
      "refresh_token_grant_id_token_lifespan": "text",
      "refresh_token_grant_refresh_token_lifespan": "text",
      "registration_access_token": "text",
      "registration_client_uri": "text",
      "request_object_signing_alg": "text",
      "request_uris": [
        "text"
      ],
      "response_types": [
        "text"
      ],
      "scope": "text",
      "sector_identifier_uri": "text",
      "subject_type": "text",
      "token_endpoint_auth_method": "text",
      "token_endpoint_auth_signing_alg": "text",
      "tos_uri": "text",
      "updated_at": "2025-06-17T08:41:40.361Z",
      "userinfo_signed_response_alg": "text"
    },
    "oidc_context": {
      "acr_values": [
        "text"
      ],
      "display": "text",
      "id_token_hint_claims": {
        "ANY_ADDITIONAL_PROPERTY": "anything"
      },
      "login_hint": "text",
      "ui_locales": [
        "text"
      ]
    },
    "request_url": "text",
    "requested_access_token_audience": [
      "text"
    ],
    "requested_scope": [
      "text"
    ],
    "session_id": "text",
    "skip": true,
    "subject": "text"
  },
  "refresh": true,
  "request_url": "text",
  "requested_aal": "aal0",
  "return_to": "text",
  "type": "text",
  "ui": {
    "action": "text",
    "messages": [
      {
        "context": {},
        "id": 1,
        "text": "text",
        "type": "info"
      }
    ],
    "method": "text",
    "nodes": [
      {
        "attributes": {
          "autocomplete": "email",
          "disabled": true,
          "label": {
            "context": {},
            "id": 1,
            "text": "text",
            "type": "info"
          },
          "name": "text",
          "node_type": "text",
          "onclick": "text",
          "pattern": "text",
          "required": true,
          "type": "text",
          "value": null
        },
        "group": "default",
        "messages": [
          {
            "context": {},
            "id": 1,
            "text": "text",
            "type": "info"
          }
        ],
        "meta": {
          "label": {
            "context": {},
            "id": 1,
            "text": "text",
            "type": "info"
          }
        },
        "type": "text"
      }
    ]
  },
  "updated_at": "2025-06-17T08:41:40.361Z"
}