Complete guide to authentication including sign-in, token management, password operations, and API authorization
Authentication
IBEXHub uses a token-based authentication system with access tokens and refresh tokens to secure API access.
Authentication Flow
1. Sign In
To authenticate and receive tokens, use the sign-in endpoint:
import requests
body = {
    "email": "[email protected]",
    "password": "Examplepass1!."
}
response = requests.post(
    "https://api-sandbox.poweredbyibex.io/auth/signin",
    headers={"Content-Type": "application/json"},
    json=body
)
print(response.status_code)
print(response.json())
Response:
{
    "accessToken": "",
    "accessTokenExpiresAt": 1643819877,
    "refreshToken": "",
    "refreshTokenExpiresAt": 1644421077
}
2. Using Access Tokens
Include the access token in the Authorization header for all API requests:
headers = {
    "Authorization": "YOUR_ACCESS_TOKEN",
    "Content-Type": "application/json"
}
Token Management
Refresh Access Token
When your access token expires, use the refresh token to get a new one:
import requests
body = {"refreshToken": "YOUR_REFRESH_TOKEN"}
response = requests.post(
    "https://api-sandbox.poweredbyibex.io/auth/refresh-access-token",
    headers={"Content-Type": "application/json"},
    json=body
)
print(response.json())
Response:
{
    "accessToken": "",
    "expiresAt": 1643819877
}
Revoke Refresh Token
To invalidate a refresh token and all associated access tokens:
import requests
body = {"refreshToken": "YOUR_REFRESH_TOKEN"}
response = requests.post(
    "https://api-sandbox.poweredbyibex.io/auth/revoke-refresh-token",
    headers={"Content-Type": "application/json"},
    json=body
)
print(response.status_code)  # Should return 204
Password Management
Change Password
To change your account password:
import requests
body = {
    "proposedPassword": "NewSecurePassword123!",
    "previousPassword": "CurrentPassword123!"
}
response = requests.post(
    "https://api-sandbox.poweredbyibex.io/auth/change-password",
    headers={"Authorization": "Bearer YOUR_ACCESS_TOKEN"},
    json=body
)
print(response.status_code)  # Should return 204
Forgot Password
To initiate password reset via email:
import requests
body = {"email": "[email protected]"}
response = requests.post(
    "https://api-sandbox.poweredbyibex.io/auth/forgot-password",
    headers={"Content-Type": "application/json"},
    json=body
)
print(response.status_code)  # Should return 204
The user will receive a temporary password via email to use with the confirm forgot password endpoint.
Security Best Practices
Token Security
- Store tokens securely: Never expose tokens in client-side code or logs
- Use HTTPS: Always use secure connections when transmitting tokens
- Token rotation: Regularly refresh access tokens using refresh tokens
- Revoke when needed: Revoke refresh tokens when users log out or when compromised
Password Requirements
- Use strong passwords with a mix of characters
- Implement proper password hashing on your end if storing credentials
- Use the forgot password flow for password recovery
- Change passwords regularly and when potentially compromised
Error Handling
Common authentication errors and their meanings:
| Status Code | Description | Action | 
|---|---|---|
| 400 | Bad Request - Invalid credentials or malformed request | Check request format and credentials | 
| 401 | Unauthorized - Invalid or expired token | Refresh token or re-authenticate | 
| 403 | Forbidden - Valid token but insufficient permissions | Check account permissions | 
| 404 | Not Found - User account not found | Verify account exists | 
