Auth
Last updated
Last updated
Most of our APIs require a form of user authentication, for which we have provided several means of obtaining that authentication, any of which can be provided in any order.
Crypto Wallet authentication allows you to have a user sign in with their crypto wallet by performing a signing transaction. Email and SMS OTP will send one-time codes to the method specified.
Once a successful authentication takes place, you will receive a JWT
that is to be passed into the Authorization
header as a Bearer
token for subsequent requests. When adding a second authentication factor, such as SMS after an Email OTP, you must add the initial JWT
to the headers for the subsequent auth calls to ensure they're authenticated to the same session.
The JWT
tokens have a lifetime of 5 minutes, and a user session has a lifetime of 10 minutes of inactivity.
When a JWT
nears expiry, we will refresh it in the background and provide you a new JWT
in the following response header: ratio-authentication-refresh
.
If you encounter this header, you should begin using the new JWT
.
Making calls to read (GET
) APIs only require a single form of authentication by a user, whether it be wallet signing, SMS, or Email. However, you will require MFA to make a write call (POST
,PUT
, etc.) for things such as adding a wallet or sending a transaction.
Ratio user accounts are accessible across a wide variety of applications. You must implement Account Linking so that existing Ratio users can link your application to their account and bypass onboarding