
How to Implement Server-Side Authentication

Interacting with user-specific data in Quiltt requires a valid User Session Token. The token scopes every API operation to one specific user, so each user's data stays isolated from every other user's.

To make referential integrity easy, our API is designed in an "importer pipeline" style, backed by UUIDs. This means you can generate, or otherwise supply, your own UUID as the primary key for a user in Quiltt, so the identifier in your database and the identifier in Quiltt are the same value. You can think of Quiltt as an extension of your own data infrastructure.

To create a User Session, call the session endpoint with your App Secret as a Bearer Token, optionally including profile details to write to the user. The call works the same way whether you are registering a new user or creating a session for an existing one. The App Secret is a server-side credential: keep it on your server and never embed it in browser or mobile code. Only the resulting User Session Token is handed to the client.

We also support self-signed sessions. Please contact us at support@quiltt.io to obtain a signing secret.


How to Authenticate a New User

Without profile attributes

Response

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "50fb243c-6d2e-45ba-b1a2-1b9774876a7c",
"expiration": 1621370019,
"userId": "f5db0067-3482-4a3a-b05c-7b1b560d1fae",
"token": <USER_SESSION_TOKEN>
}

Creates and authenticates a new user. Quiltt assigns a random UUID, returned as userId, which you should persist alongside your own user record so you can find the user again later.

With profile attributes

Response

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "2b853926-b456-473e-b5ff-e02b5fa61d69",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}

Creates and authenticates a new user, assigning them the given profile attributes.

With an ID

Response

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "2b853926-b456-473e-b5ff-e02b5fa61d69",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}

Creates and authenticates a new user, using the ID you supplied as their userId.


How to Authenticate an Existing User

Find user by UUID

Response

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "94204d21-61dc-42df-8ca9-66546caaa4e3",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}

Authenticates an existing user, found by the given ID.

Find user by UUID and update profile

Response

HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "d0866007-52fa-4cfc-a0d0-cd5ad0fb9a00",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}

Authenticates an existing user, found by the given ID, and updates their profile with the given attributes.
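The two flows above (creating a new user, with or without your own UUID, and re-authenticating an existing one) share a single server-side call. The following is an added example, not Quiltt's own code or SDK. It assumes the session endpoint URL and that the request body uses the same field names as the response (userId plus optional profile attributes); confirm both against the API Reference. The transport is injectable so the session response shown on this page can be fed in as a constructed fixture, and the App Secret only ever appears in the Authorization header of the server-to-server request.

```python
"""Server-side Quiltt User Session helper (added example, not Quiltt's code)."""
import json
import time
import uuid
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Assumed endpoint; verify against the Quiltt API Reference before use.
SESSION_URL = "https://auth.quiltt.io/v1/users/sessions"

# transport(url, headers, body) -> (status, raw_body); swapped for a stub offline
Transport = Callable[[str, Dict[str, str], bytes], Tuple[int, bytes]]


class SessionError(Exception):
    """Raised when the endpoint does not return a usable session."""


def build_session_request(app_secret: str,
                          user_id: Optional[str] = None,
                          profile: Optional[Dict[str, str]] = None
                          ) -> Tuple[Dict[str, str], bytes]:
    """Build headers and JSON body for the session call.

    The App Secret travels only in the Authorization header of this
    server-to-server request. The body field names (userId plus profile
    attributes) are an assumption mirroring the response shape on the page.
    """
    headers = {
        "Authorization": f"Bearer {app_secret}",
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    payload: Dict[str, str] = {}
    if user_id is not None:
        payload["userId"] = user_id        # find existing user, or create with this ID
    if profile:
        payload.update(profile)            # attributes to write to the user
    return headers, json.dumps(payload).encode("utf-8")


def parse_session_response(status: int, body: bytes, now: float) -> Dict[str, object]:
    """Accept only a 201 with all four fields whose expiration is in the future."""
    if status != 201:
        raise SessionError(f"unexpected HTTP status {status}")
    data = json.loads(body)
    for key in ("id", "expiration", "userId", "token"):
        if key not in data:
            raise SessionError(f"response missing {key!r}")
    if int(data["expiration"]) <= now:     # expiration is Unix seconds
        raise SessionError("session token is already expired")
    return data


def urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> Tuple[int, bytes]:
    """Real HTTPS transport used in production."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


def create_user_session(app_secret: str,
                        user_id: Optional[str] = None,
                        profile: Optional[Dict[str, str]] = None,
                        transport: Transport = urllib_transport,
                        now: Callable[[], float] = time.time) -> Dict[str, object]:
    headers, body = build_session_request(app_secret, user_id, profile)
    status, raw = transport(SESSION_URL, headers, body)
    return parse_session_response(status, raw, now())


class QuilttUserStore:
    """Maps your application's user key to the Quiltt userId.

    Shows both options the page describes: supply your own UUID as the
    primary key, or let Quiltt assign one and persist what comes back.
    In-memory here; back it with your user table in a real deployment.
    """

    def __init__(self) -> None:
        self._ids: Dict[str, str] = {}

    def quiltt_id(self, app_user_key: str) -> Optional[str]:
        return self._ids.get(app_user_key)

    def session_for(self, app_secret: str, app_user_key: str,
                    profile: Optional[Dict[str, str]] = None, *,
                    generate_own_id: bool = True,
                    transport: Transport = urllib_transport,
                    now: Callable[[], float] = time.time) -> Dict[str, object]:
        user_id = self._ids.get(app_user_key)
        if user_id is None and generate_own_id:
            user_id = str(uuid.uuid4())    # our own primary key, written to Quiltt
        session = create_user_session(app_secret, user_id, profile, transport, now)
        self._ids[app_user_key] = str(session["userId"])   # persist Quiltt's record
        return session
```

Only the session's token is returned to the caller; log the id and userId if you need an audit trail, never the token or the App Secret.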

Once you have obtained a User Session Token, pass it to the GraphQL API to interact with that user's financial data. The token is valid until the expiration timestamp (Unix seconds) returned with it, so request a fresh session before it elapses rather than reusing a stale one.

See our API Reference for additional authentication actions, including token introspection and revocation flows.