Authentication
This guide will walk you through all of the credentials you need to access Portal.
There are two classes of authentication used with Portal.
The API key used by your server to make requests to Portal.
Reach out to us on Slack to get access to the web app!
Before going live with real users, always ensure that you create clients using a Portal API Key from your Portal's Production environment. Read more here on going live with real users.
Users are required to authenticate their devices to Portal in order to create wallets and submit transactions. Client Session Tokens (CST) are short-lived, auto-refreshing tokens used to authenticate users to Portal.
Short-Lived
CSTs expire after 24 hours of no activity. After this, a new CST must be requested from your backend.
Auto-Refreshing
Every authenticated request with a CST updates the token's expiry to 24 hours from that request time. There's a max refresh duration of 7 days, after which a CST can no longer be auto-refreshed.
The goal of this system is to keep sessions short (reducing attack windows) while minimizing the number of requests needed to create sessions.
- Active User: If a user uses Portal daily, their CST expiry extends by 24 hours each day. They'll need a new CST from your backend only once per week (after hitting the 7-day max refresh duration).
- Inactive User: Users logging in after a few days or weeks will need a new CST from your backend on every login since CSTs expire after 24 hours.
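The lifetime rules above can be checked with a small model, shown here as an added example that is not Portal's code. The function names are hypothetical, and the model assumes that once the 7-day window has passed, requests stop extending the expiry while an expiry already granted still stands; Portal's server remains authoritative.

```javascript
// Added example: models the CST lifetime rules described above.
// Assumption: after the 7-day refresh window, requests no longer extend
// the expiry, but an expiry that was already granted still applies.
const HOUR = 60 * 60 * 1000;
const IDLE_TTL = 24 * HOUR;         // expires after 24 hours of no activity
const MAX_REFRESH = 7 * 24 * HOUR;  // auto-refresh stops 7 days after issue

// Issue a fresh token at time `now` (milliseconds).
function issue(now) {
  return { issuedAt: now, expiresAt: now + IDLE_TTL };
}

// Apply one authenticated request at time `now`.
// Returns the updated token, or null if it had already expired.
function use(token, now) {
  if (now >= token.expiresAt) return null;
  if (now - token.issuedAt > MAX_REFRESH) return token; // no more refreshes
  return { ...token, expiresAt: now + IDLE_TTL };
}

// Replay a list of request times and return the times at which the
// backend had to issue a new CST.
function backendIssues(requestTimes) {
  const issuedAt = [];
  let token = null;
  for (const t of requestTimes) {
    token = token && use(token, t);
    if (!token) {
      token = issue(t);
      issuedAt.push(t);
    }
  }
  return issuedAt;
}
```

Replaying a request every 23 hours gives one new token roughly per week, while a request every 3 days needs a new token each time, matching the two cases listed above.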
To authenticate with Portal, each mobile user needs a unique Client Session Token. Request this token from your backend using the Portal API Key, then share it with the mobile user after they log in.
When a user first registers for your mobile app, use your Portal API Key to create a Client Session Token. Remember to associate the returned `clientId` with the user in your system.

portal.ts
```typescript
import axios from 'axios';

// Replace with your Portal API Key; keep it on your server only.
const PORTAL_API_KEY = '<PORTAL_API_KEY>';

// Create a new Portal client; the response includes its first Client Session Token.
const response = await axios.post(
  `https://api.portalhq.io/api/v1/custodians/clients`,
  {},
  { headers: { Authorization: `Bearer ${PORTAL_API_KEY}` } }
);
const clientSessionToken = response.data.clientSessionToken;
const clientId = response.data.id;
```
Ensure the `clientId` is stored securely as it is crucial for future operations.

When the token needs refreshing (during later logins), use the following endpoint:

```typescript
// Request a new Client Session Token for an existing client.
// PORTAL_API_KEY holds your Portal API Key; clientId is the stored id for this user.
const response = await axios.post(
  `https://api.portalhq.io/api/v1/custodians/clients/${clientId}/session`,
  {},
  { headers: { Authorization: `Bearer ${PORTAL_API_KEY}` } }
);
const refreshedClientSessionToken = response.data.clientSessionToken;
```
Your user can now use this refreshed `clientSessionToken`.

In order to use Portal's `npm` packages, you need to get an `authToken` for use in your `.npmrc` file.

Reach out to Portal on Slack to get an `authToken`.

Create an `.npmrc` file, if you do not already have one, at the root of your app. Use the npm `authToken` you received from us to configure permissions to install the module.

.npmrc
```
@portal-hq:registry=https://registry.npmjs.org
//registry.npmjs.org/:_authToken=<NPMTOKEN>
```
After collecting your credentials, you are ready to instantiate the Portal component in your app. Head back to Installation to install.