In this guide, we will show you how to generate Quiltt session tokens on behalf of your users, using your App Secret.
2 min read
Interacting with user-specific data in Quiltt requires a valid User Session Token.This token scopes all API operations to a specific user, ensuring that each user's data is securely isolated.
To make referential integrity easy, our API is designed in an "importer pipeline" style, backed by UUIDs. This means that you can generate or otherwise provide your own ID as the primary key for a user in Quiltt. You can think of Quiltt as an extension to your data infrastructure.
To create a User Session, use your App Secret as a Bearer Token while optionally providing profile details to write to the user. This works the same regardless of whether you are registering a new user, or creating a session for an existing user.
We also support self-signed sessions. Please contact us at firstname.lastname@example.org to obtain a signing secret.
How to Authenticate a New User
Without profile attributes
With profile attributes
With an ID
How to Authenticate an Existing User
Find user by UUID
Find user by UUID and update profile
Once you have obtained a User Session Token, you are ready to talk to GraphQL and interact with the user's financial data.
See our API Reference for additional authentication actions, including token introspection and revocation flows.