🔑
Authentication
This guide will walk you through all of the credentials you need to access Portal.
There are two classes of authentication used with Portal.
The API key used by your server to make requests to Portal.
Reach out to us on Slack to get access to the web app!
Users are required to authenticate their devices to Portal in order to create wallets and submit transactions. Client Session Tokens (CST) are short-lived, auto-refreshing tokens used to authenticate users to Portal.
Short-Lived
CSTs expire after 24 hours of no activity, after which a new CST will need to be requested from your backend.
Auto-Refreshing
Every request authenticated with a CST updates the token to expire 24 hours from the time of that successful request. There is a max refresh duration of 7 days, after which a CST can no longer be updated.
The goal of this system is keep sessions short (reduce windows of attack) while reducing the number of requests required to create sessions.
In practice, this looks like:
- Active User: If a user uses Portal once a day (their CST will continue to update the expiry by 24 hours) their device will only need to request a new CST from your backend once a week (after their CST hits the max refresh duration of 7 days).
- Inactive User: If a user logs in once every few days or few weeks their device will need to request a new CST from your backend on every login (CSTs expire after 24 hours)
In order to authenticate mobile users with Portal, they will need a unique Client Session Token. This should initially be requested from your backend using the Portal API Key and then shared with mobile users after they log in to your mobile app.
Use your Portal API Key to fetch a Client Session Token for a user when they login to the mobile app.
portal.ts
1
const clientSessionToken = await axios
2
.post(
3
`https://api.portalhq.io/api/clients`,
4
{
5
headers: {
6
Authorization: `Bearer ${<PORTAL_API_KEY>}`,
7
},
8
}
9
)
10
.then((res) => {
11
return res.data.clientSessionToken
12
})
In order to use Portal's
npm
packages, you need to get an authToken
for use in your .npmrc
file.Reach out to Portal on Slack to get an
authToken
Create an
.npmrc
file, if you do not already have one, at the root of your app. Using the npm
authToken
you received from us to configure permissions to install the module..npmrc
@portal-hq:registry=https://registry.npmjs.org
//registry.npmjs.org/:_authToken=<NPMTOKEN>
After collecting your credentials, you are ready to instantiate the Portal component in your app. Head back to Installation to install.
Last modified 3mo ago