
Onboard an Authorised User

Authorised users are users who have been granted access to a buyer within Weavr. They are not the legal owners of the identity and therefore do not own the instruments or the funds created for the respective buyer.

For a buyer persona, an authorised user can represent a company role from the payables department, a financial controller, a procurement officer, a treasury role or an external accountant.

Depending on how your application is used, the assigned authorised users can be users of the application who interact with the financial service component to perform payments using the selected payment methods or to perform payment receipt reconciliation.

Prerequisites

Before you can add authorised users to a Buyer, you must have:

This guide demonstrates how you can enable your customers to add users with roles to their identity in the following steps:

  1. Create a new user
  2. Set the user's password
  3. Enrol the user's device

1. Create a new user

Use the create user API to create a new user associated with the buyer that the logged-in user initiating the request belongs to.

note

Learn more about roles and permissions here.

Weavr returns the details of the newly created user, including the id which is used to identify this particular user in subsequent API calls.

2. Set the user's password

Once a user is created, the next step is for the user to set up their password. You can set the user's password in two ways:

  • Via the Create Password API, if the user is already using your product
  • Via the User Invitation process, if the user still needs to start using your product

Via the create password API

If the user is already using your product, you can use this option to quickly enable them to set up their password.

NON-PCI COMPLIANT INNOVATORS

If you are not PCI compliant, you cannot handle your customers’ plain-text passwords. Instead, you must tokenise passwords. Find more information on how to transmit data securely here.

Weavr returns a token as part of a successful response. You will need to provide the token as part of APIs which require the user to be logged in.

Via the user invitation process

If you still need to onboard the user onto your product, you can use the invitation process to do so. The invitation process has 2 steps:

  1. Send an invitation email to the user
  2. User accepts invitation and provides their password

2.1. Send an invitation email to the user

Use the send user invite API to send an invitation to the user's email address.

EMAIL BRANDING

You can brand and personalise the email content that is sent to your users. Read our guide on buyer email communications for more information.

The invitation email will contain a verification code and a URL that redirects to your application. Once the user clicks this URL, they should be redirected to a page on your application where they can input the verification code that they received.

info

The invitation expires after 30 days.

2.2. User accepts invitation and provides their password

Set the user's password by submitting the verification code that the user received in the email together with the user's password.

Weavr returns a token as part of a successful response. You will need to provide the token as part of APIs which require the user to be logged in.

3. Enrol the user's device

Users must be enrolled with one additional authentication factor in order to perform operations that require Strong Customer Authentication (SCA).

3.1. Enrol user using OTP via SMS

You can start the enrolment process using the API. The user will receive a text message (SMS) on the mobile number that was provided when creating the user.

3.2. Verify the user's mobile device

You must build a page in your application where the user can enter the verification code that they received in the text message together with their password. Then, you need to submit the information using the API.
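
The three steps above on the invitation path, as an added example (not Weavr's code and not part of the original guide): an application-side tracker that decides which onboarding page to show next and refuses SCA operations until the device is verified. The record fields and function names are hypothetical, no Weavr API is called, and handling an expired invitation by sending a new one is an assumption; only the 30-day lifetime comes from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# From this page: the invitation expires after 30 days.
INVITE_LIFETIME = timedelta(days=30)

class NextStep(Enum):
    SEND_INVITE = "send (or re-send) the invitation email"
    ACCEPT_INVITE = "user submits verification code and password"
    START_SMS_ENROLMENT = "start OTP via SMS enrolment"
    VERIFY_SMS_CODE = "user submits SMS code and password"
    READY = "enrolled; SCA operations allowed"

@dataclass
class OnboardingRecord:
    """Hypothetical per-user record kept by your application."""
    user_id: str
    invite_sent_at: Optional[datetime] = None
    password_set: bool = False
    sms_enrolment_started: bool = False
    device_verified: bool = False

def next_step(rec: OnboardingRecord, now: datetime) -> NextStep:
    # Step 2 comes first: the login token is returned when the password is set.
    if not rec.password_set:
        # Assumption: the exact 30-day boundary is treated as expired.
        if rec.invite_sent_at is None or now - rec.invite_sent_at >= INVITE_LIFETIME:
            return NextStep.SEND_INVITE
        return NextStep.ACCEPT_INVITE
    # Step 3: a second factor must be enrolled and verified before SCA.
    if rec.device_verified:
        return NextStep.READY
    if not rec.sms_enrolment_started:
        return NextStep.START_SMS_ENROLMENT
    return NextStep.VERIFY_SMS_CODE

def may_perform_sca(rec: OnboardingRecord, now: datetime) -> bool:
    # Fail closed: an inconsistent record (device verified, no password) is not READY.
    return next_step(rec, now) is NextStep.READY

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # constructed sample data
    stale = OnboardingRecord("user-1", invite_sent_at=now - timedelta(days=31))
    print(stale.user_id, "->", next_step(stale, now).value)
```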