End-User Authentication

With Weavr, you can offer financial services to your customers. In such a case, financial instruments such as cards and IBANs, together with the funds on these instruments, belong to your customers, not to you.

When you execute API requests that create your customers’ financial instruments or interact with them, you are doing so on behalf of your customers. You must provide a valid user session token to execute such API requests.

Token lifetime: 5 minutes from last activity

End-user tokens expire after 5 minutes of inactivity, and there is no refresh endpoint. Plan your UX around user activity rather than waiting for a 401 response. For example, prompt the user to take an action when less than 1 minute remains on the session.

Obtaining end-user tokens

End-user tokens are generated and returned as part of the API response when a user registers for an identity or logs in to an identity. Such tokens expire after 5 minutes of inactivity.

Using end-user tokens

You should include an end-user token when you make an API call that requires the Authorization header. We use JWT as the authentication technology, so you should prefix end-user tokens with the word Bearer.
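
The session rules above (5 minutes of inactivity, no refresh endpoint, a prompt when less than 1 minute remains, the Bearer prefix) can be tracked on the client as follows. This is an added example, not Weavr's code: the class `EndUserSession`, its method names and the sample token are hypothetical, and it assumes that a successful authenticated API call is what counts as activity.

```javascript
const IDLE_LIMIT_MS = 5 * 60 * 1000; // token expires after 5 minutes of inactivity
const WARN_BELOW_MS = 60 * 1000;     // prompt when less than 1 minute remains

class EndUserSession {
  // `now` is injectable so the timing logic can be exercised without waiting.
  constructor(token, now = () => Date.now()) {
    if (typeof token !== 'string' || token.length === 0) {
      throw new TypeError('token must be a non-empty string');
    }
    this.token = token;
    this.now = now;
    this.lastActivity = now();
  }

  // Milliseconds left in the inactivity window (0 once expired).
  remainingMs() {
    if (this.token === null) return 0;
    return Math.max(0, IDLE_LIMIT_MS - (this.now() - this.lastActivity));
  }

  // Returns 'active', 'warn' (show the prompt) or 'expired' (log in again).
  state() {
    const left = this.remainingMs();
    if (left === 0) {
      this.token = null; // there is no refresh endpoint: drop the stale token
      return 'expired';
    }
    return left < WARN_BELOW_MS ? 'warn' : 'active';
  }

  // Headers for the next API call; refuses to send a token known to be stale.
  authHeaders() {
    if (this.state() === 'expired') {
      throw new Error('session expired: user must log in again');
    }
    return { Authorization: `Bearer ${this.token}` };
  }

  // Call after a successful authenticated response (assumed to be the
  // activity that restarts the window). Resetting only on success keeps
  // the local timer from running ahead of the server's.
  recordSuccess() {
    if (this.state() !== 'expired') this.lastActivity = this.now();
  }
}
```

Poll `state()` from a UI timer to drive the prompt, and treat a 401 from the API as authoritative if it arrives before the local timer expires.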