Interacting with user-specific data in Quiltt requires a valid User Session Token. This token scopes all API operations to a specific user, ensuring that each user's data is securely isolated.
To make referential integrity easy, our API is designed in an "importer pipeline" style, backed by UUIDs. This means that you can generate or otherwise provide your own ID as the primary key for a user in Quiltt. You can think of Quiltt as an extension to your data infrastructure.
To create a User Session, use your App Secret as a Bearer Token while optionally providing profile details to write to the user. This works the same whether you are registering a new user or creating a session for an existing user.
We also support self-signed sessions. Please contact us at support@quiltt.io to obtain a signing secret.
How to Authenticate a New User
Without profile attributes
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "50fb243c-6d2e-45ba-b1a2-1b9774876a7c",
"expiration": 1621370019,
"userId": "f5db0067-3482-4a3a-b05c-7b1b560d1fae",
"token": <USER_SESSION_TOKEN>
}
With profile attributes
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "2b853926-b456-473e-b5ff-e02b5fa61d69",
"expiration": 1621370019,
"user_id": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}
With an ID
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "2b853926-b456-473e-b5ff-e02b5fa61d69",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}
How to Authenticate an Existing User
Find user by UUID
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "94204d21-61dc-42df-8ca9-66546caaa4e3",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}
Find user by UUID and update profile
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
{
"id": "d0866007-52fa-4cfc-a0d0-cd5ad0fb9a00",
"expiration": 1621370019,
"userId": "11111111-1111-1111-1111-111111111111",
"token": <USER_SESSION_TOKEN>
}
Once you have obtained a User Session Token, you are ready to talk to GraphQL and interact with the customer's financial data.
See our API Reference for additional authentication actions, including token introspection and revocation flows.
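One way to check a session response on your server before caching or forwarding its token, using the fields shown in the responses above. This is an added example, not Quiltt's own code. The names `parse_session`, `UserSession`, `SessionError` and the 60-second `REFRESH_MARGIN` are assumptions, and the token value in the sample is constructed.

```python
import json
import time
import uuid
from dataclasses import dataclass, field

REFRESH_MARGIN = 60  # seconds; assumed safety margin, not a Quiltt value

class SessionError(ValueError):
    """The session response failed a check and must not be used."""

@dataclass(frozen=True)
class UserSession:
    id: str
    user_id: str
    expiration: int                 # Unix seconds, as in the responses above
    token: str = field(repr=False)  # keep the bearer token out of logs

    def is_fresh(self, now=None):
        now = time.time() if now is None else now
        return now + REFRESH_MARGIN < self.expiration

def _uuid(value, name):
    try:
        return str(uuid.UUID(value))
    except (TypeError, ValueError, AttributeError):
        raise SessionError(f"{name} is not a UUID") from None

def parse_session(body, expected_user_id=None, now=None):
    """Validate a 201 response body before caching or forwarding its token."""
    try:
        data = json.loads(body)
    except ValueError:
        raise SessionError("body is not JSON") from None
    if not isinstance(data, dict):
        raise SessionError("body is not a JSON object")
    exp, token = data.get("expiration"), data.get("token")
    if type(exp) is not int or not isinstance(token, str) or not token:
        raise SessionError("missing or malformed expiration/token")
    session = UserSession(_uuid(data.get("id"), "id"),
                          _uuid(data.get("userId"), "userId"), exp, token)
    # If we supplied our own user ID, a different userId means the token is
    # scoped to someone else's data: reject it.
    if expected_user_id and session.user_id != _uuid(expected_user_id, "expected"):
        raise SessionError("session is scoped to a different user")
    if not session.is_fresh(now):
        raise SessionError("session is expired or about to expire")
    return session

# Constructed sample: the "With an ID" response with a made-up token value.
SAMPLE = ('{"id": "2b853926-b456-473e-b5ff-e02b5fa61d69", "expiration": 1621370019,'
          ' "userId": "11111111-1111-1111-1111-111111111111", "token": "constructed.token.value"}')
```

Pass the UUID you sent as `expected_user_id` so a response scoped to any other user is rejected before the token reaches a client.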