Faster Interac API

Authentication in this API is handled via JSON Web Tokens (JWTs). This process ensures that only authenticated users can access protected endpoints within the service.

How Authentication Works

1. User Login:

• The user submits their credentials (typically an email and password) to the /auth/login endpoint.

• The server verifies these credentials against the stored user data.

• If the credentials are correct, the server generates a JWT and returns it to the user in the response.

2. Using the JWT:

• The JWT must be included in the Authorization header of subsequent requests to protected endpoints.

• The format for this header is: Authorization: Bearer .

3. Token Validation:

• Each time a protected endpoint is accessed, the server validates the provided JWT.

• The server checks the token’s signature, expiration, and any other relevant claims to ensure it’s valid.

• If the token is valid, the server processes the request. If not, the server returns a 401 Unauthorized or 403 Forbidden response.

4. Token Expiration and Refresh:

• JWTs typically have an expiration time, after which they become invalid.

• To maintain user sessions, you may implement a token refresh mechanism where the client can obtain a new token by presenting a refresh token.

Security Considerations

• Token Storage: Store JWTs securely on the client side to prevent exposure to malicious scripts (e.g., XSS attacks).

• HTTPS: Always use HTTPS to encrypt the transmission of tokens, preventing them from being intercepted during transit.

• Token Revocation: If a token is compromised, implement a mechanism to revoke it and prevent unauthorized access.

This endpoint authenticates a user by verifying their credentials (email and password). Upon successful authentication, it returns a JSON Web Token (JWT) that can be used to access protected endpoints within the API.

The E-Transfer endpoints allow users to manage Interac e-transfers, including sending, requesting, and canceling transfers.