Auth


Last updated 1 year ago


Overview

Most of our APIs require user authentication. We provide several ways to obtain it, and they can be completed in any order.

Crypto Wallet authentication allows you to have a user sign in with their crypto wallet by performing a signing transaction. Email and SMS OTP will send one-time codes to the method specified.

Once a successful authentication takes place, you will receive a JWT that is to be passed into the Authorization header as a Bearer token for subsequent requests. When adding a second authentication factor, such as SMS after an Email OTP, you must add the initial JWT to the headers for the subsequent auth calls to ensure they're authenticated to the same session.

JWTs have a lifetime of 5 minutes, and a user session has a lifetime of 10 minutes of inactivity.

When a JWT nears expiry, we will refresh it in the background and provide you a new JWT in the following response header: ratio-authentication-refresh.

If you encounter this header, you should begin using the new JWT.
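The token handling described above, as an added example that is not Ratio's own code: a small Node.js holder that sends the JWT as a Bearer token, adopts a replacement from the ratio-authentication-refresh response header, and refuses to send a token it already knows has expired. The names SessionToken, jwtExpiry and makeSampleJwt are hypothetical, and the code assumes the JWT carries a standard exp claim.

```javascript
const REFRESH_HEADER = 'ratio-authentication-refresh'; // header name from this page

// Read `exp` from the JWT payload. No signature check here: the server
// verifies the token; the client only avoids sending one it knows is dead.
// Assumption: the token carries a standard `exp` claim (seconds since epoch).
function jwtExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (typeof payload.exp !== 'number') throw new Error('JWT has no exp claim');
  return payload.exp;
}

class SessionToken {
  constructor(jwt) { this.jwt = jwt; this.exp = jwtExpiry(jwt); }

  isExpired(nowSec = Date.now() / 1000) { return nowSec >= this.exp; }

  // Headers for the next call. A second-factor auth call uses these too,
  // so that it is tied to the session the first factor created.
  authHeaders(nowSec) {
    if (this.isExpired(nowSec)) throw new Error('JWT expired: re-authenticate');
    return { Authorization: `Bearer ${this.jwt}` };
  }

  // Pass every response's headers (any object with .get(name)).
  // Returns true when a refreshed JWT was adopted.
  absorb(headers) {
    const fresh = headers.get(REFRESH_HEADER);
    if (!fresh || fresh === this.jwt) return false;
    const exp = jwtExpiry(fresh);      // throws on a malformed header value
    if (exp <= this.exp) return false; // example policy: never swap to an older token
    this.jwt = fresh;
    this.exp = exp;
    return true;
  }
}

// Constructed sample token (fake signature, illustration only).
function makeSampleJwt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user-1', exp })}.constructed-signature`;
}
```

Keep the token in memory rather than in persistent storage; with a 5-minute lifetime there is little to gain from persisting it.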

Calls to read (GET) APIs require only a single form of user authentication, whether it be wallet signing, SMS, or Email. However, you will require MFA to make a write call (POST, PUT, etc.) for things such as adding a wallet or sending a transaction.

Ratio user accounts are accessible across a wide variety of applications. You must implement Account Linking so that existing Ratio users can link your application to their account and bypass onboarding.

Auth Factors

Crypto Wallet
Email OTP
SMS OTP