login flow

A client_id + client_secret pair is issued for getting the API access and you have to register a redirect url where a user is sent after the login flow. For mobile and desktop applications, there has to be a remote backend which does the handshake on behalf of the mobile app and the api_secret should never be embedded in the app. Once you get the access token, this is passed in Header for all the future calls

Login Flow

** Flow chart for Login **

Steps to Login

Steps to get the access token.

Step1. The Login flow starts with navigating the public login endpoint in the browser. “https://api.wealthy.in/wealthyauth/dashboard/login/?redirect_url={your redirect URI}&client_id=xxx” This will take us to the Login screen for Wealthy.

Step 2.

Once a user logs in successfully, it redirects to the redirect URL registered on the developer console for that client_id and sends authorization_code as a URL query parameter.

Step3.

The authorization_code, client_id and client_secret are sent via a post request to get the access token. Once the access token is retrieved, this could be passed in the header for all the future API calls.

Warning: Never expose your client_secret by embedding it in a mobile app or a client side application. Do not expose the access_token you obtain for a session to the public either

Access Token

LOGIN API DETAILS

Create an access Token

To generate an access_token after the successful login. The access token received would be passed to access the APIs.

Request

curl --location --request GET '{BASEURL}/fetch-oauth-access-token/' \
--header 'Content-Type: application/json' \
--data-raw '{
	“client_id”: client_id,
	“client_secret” : client_secret,
	“Authorization_code” : authorization_code
}

Response

{
	“access_token”: “xxxxx”
	“expiry_time”: 8000
}

Response attributes