Authenticate user's account

POST

api

authenticate

curl --request POST \
  --url https://integration-api.getfront.com/api/v1/authenticate \
  --header 'Content-Type: application/json' \
  --header 'X-Client-Id: <api-key>' \
  --header 'X-Client-Secret: <api-key>' \
  --data '{
  "username": "username",
  "password": "password",
  "mfaCode": "000000",
  "mfaType": "phone",
  "type": "robinhood"
}'

{
  "content": {
    "status": "succeeded",
    "expiresInSeconds": 7200,
    "accountTokens": [
      {
        "account": {
          "meshAccountId": "00000000-0000-0000-0000-000000000000",
          "frontAccountId": "00000000-0000-0000-0000-000000000000",
          "accountId": "Id of the account",
          "accountName": "Name of the account"
        },
        "accessToken": "Access token, allowing access to the integration",
        "refreshToken": "Optional refresh token, allowing to refresh the access token"
      }
    ]
  },
  "status": "ok",
  "message": "",
  "errorType": ""
}

Authorizations

X-Client-Secret

string

header

required

Contact Front to get client Secret

X-Client-Id

string

header

required

Contact Front to get client Id

Query Parameters

userId

string

required

Id of the end-user

Body

application/json

Authentication request.

type

enum<string>

required

Available options:

robinhood,

eTrade,

alpaca,

tdAmeritrade,

weBull,

stash,

interactiveBrokers,

public,

coinbase,

kraken,

coinbasePro,

cryptoCom,

openSea,

binanceUs,

gemini,

cryptocurrencyAddress,

cryptocurrencyWallet,

okCoin,

bittrex,

kuCoin,

etoro,

cexIo,

binanceInternational,

bitstamp,

gateIo,

acorns,

okx,

bitFlyer,

coinlist,

huobi,

bitfinex,

deFiWallet,

krakenDirect,

vanguard,

binanceInternationalDirect,

bitfinexDirect,

bybit,

paxos,

coinbasePrime

phone

string | null

username

string | null

password

string | null

tradePin

string | null

countryInfo

object

challengeId

string | null

challengeCode

string | null

challengeAnswer

string | null

Used to provide answers to security questions

mfaCode

string | null

mfaType

enum<string>

Available options:

phone,

email,

totp,

phoneAndEmail,

requireNextSecurityQuestion,

readEmail,

face

deviceInfo

string | null

authFlowStep

enum<string>

Available options:

loginPassword,

mfaFlow,

faceVerification

key

string | null

authToken

string | null

redirectLink

string | null

confirmationEmail

string | null

Response

200

application/json

Success

status

enum<string>

Available options:

ok,

serverFailure,

permissionDenied,

badRequest,

notFound,

conflict,

tooManyRequest,

locked

message

string | null

A message generated by the API

displayMessage

string | null

User-friendly display message that can be presented to the end user

errorType

string | null

Strictly-typed error type that is explaining the reason of an unsuccessful status of the operation. All possible error types are available in the documentation.

content

object

content.status

enum<string>

Status of the request

Available options:

failed,

challengeFailed,

succeeded,

challengeIssued,

mfaRequired,

openInBrokerModule,

delayed,

deviceConfirmationRequired,

emailVerification,

emailReceived,

captchaChallenge,

faceVerification

content.mfaType

enum<string>

Available options:

phone,

email,

totp,

phoneAndEmail,

requireNextSecurityQuestion,

readEmail,

face

content.authFlowStep

enum<string>

The AuthFlowStep is used to determine which state the authentication is in, for initial requests without MFA verification the value should be LoginPassword and when calling with MFA code it should be MfaFlow (currently used for BinanceInternationalDirect only).

Available options:

loginPassword,

mfaFlow,

faceVerification

content.qrCode

string | null

Qr code used to scan and solve facial verification (currently used for BinanceInternationalDirect only).

content.qrCodeLink

string | null

content.challengeId

string | null

Id of the challenge, relevant when the status is ChallengeIssued

content.challengeText

string | null

content.challengeExpiresInSeconds

integer | null

Life span of the challenge

content.errorMessage

string | null

content.displayMessage

string | null

content.accessToken

string | null

deprecated

content.refreshToken

string | null

deprecated

content.expiresInSeconds

integer | null

content.refreshTokenExpiresInSeconds

integer | null

content.account

object

deprecated

content.brokerBrandInfo

object

content.accountTokens

object[] | null

content.requiresReauthentication

boolean | null

content.email

string | null

content.allocatedIPAddress

string | null

Get authentication schemes Get OAuth authentication link

curl --request POST \
  --url https://integration-api.getfront.com/api/v1/authenticate \
  --header 'Content-Type: application/json' \
  --header 'X-Client-Id: <api-key>' \
  --header 'X-Client-Secret: <api-key>' \
  --data '{
  "username": "username",
  "password": "password",
  "mfaCode": "000000",
  "mfaType": "phone",
  "type": "robinhood"
}'

{
  "content": {
    "status": "succeeded",
    "expiresInSeconds": 7200,
    "accountTokens": [
      {
        "account": {
          "meshAccountId": "00000000-0000-0000-0000-000000000000",
          "frontAccountId": "00000000-0000-0000-0000-000000000000",
          "accountId": "Id of the account",
          "accountName": "Name of the account"
        },
        "accessToken": "Access token, allowing access to the integration",
        "refreshToken": "Optional refresh token, allowing to refresh the access token"
      }
    ]
  },
  "status": "ok",
  "message": "",
  "errorType": ""
}

Managed Account Authentication

Managed Transfers

Portfolio

Balance

Verify

Transactions

Self Managed Account Authentication

Transfers

Authenticate user's account

Authorizations

Query Parameters

Body

Response