A.D. Banker APIs use the oAuth 2.0 protocol for authentication and authorization of requests to our API.
1. Registration
If you have an A.D. Banker Account Manager, please reach out to them when you are ready to access, or if you would like to learn more our APIs.
If you do not have an Account Manager, please contact Customer Service at 1-800-866-2468, and we would be happy to get you in set up with one.
You will be asked to supply a route for us to send a request to to authenticate a two way handshake in the process to retrieving a valid API key.
The route must have the following valid parameters:
- Route is publicly accessible
- Route can retrieve POST requests
- Route is a valid URL
An example route would be: https://example.com/oauth/verify
2. Requesting an agreement key
Once you are registered, you can now request an API key.
To do this first, you need an agreement key.
The agreement key is used in a secure two way handshake to verify your identity when you request an API key.
1. Send a POST request to https://api.adbanker.com/v1/Auth/Agreement with a JSON post body containing your supplied client key and the callback route you entered from registration.
2. Receive agreement key sent as a POST request to your callback route.
Your callback route should receive a JSON body with a client key, agreement key, and an expiration:
Now that you have your agreement key, continue onto the next step.
3. Requesting an API key
Now that you have your agreement key from the callback, send one more POST request to https://api.adbanker.com/v1/Auth/Authorize with a JSON request body containing your agreement key and your private key saved from registering for API access.
Two fields by the name of ApiAccessKey (String) and ApiAccessKeyExpiration (Unix Time) will be returned from the request:
Once you have the values, you have retrieved your API key, and may continue onto the next step.
Please note: The API key is disabled after the expiration date of 24 hours. You will need to request a new API key each request, or before the current one expires.
4. Authenticating your requests
With your API key (ApiAccessKey), you will need to add an Authorization header to each HTTP request in the following format:
Authorization = bearer API_ACCESS_KEY
Once you have included the proper authentication, the API should now be fully accessible to use for your organization.
Notes:
- A new API access key will need to be requested once it expires, or for each new request
- An API access key is required for all requests
- All routes are tied to an organization, you may check out our documentation to read more about an organization
Comments
0 comments
Please sign in to leave a comment.