The MVT Technologies ID Verification System API implements secure Bearer Token authentication to ensure authorized access to all protected endpoints. This authentication mechanism provides a robust security layer while maintaining simplicity for developers.
Authentication Overview
All API requests to protected endpoints require a valid Bearer Token to be included in the Authorization header. The authentication process follows a two-step approach:
1. Token Generation: First, obtain an authentication token by calling the authentication endpoint with your credentials.
2. Token Usage: Include the obtained token in the Authorization header for all subsequent API calls.
Authentication Endpoint
- Endpoint: POST /api/Auth/GetToken
- URL: {domain}/api/Auth/GetToken
Headers Required:
{
  "Content-Type": "application/json"
}
Request Parameters:
{
  "tenantKey": "",
  "tenantSecret": "",
  "expiresAt": "2025-12-20T16:03:20.656Z"
}
Successful Response: Returns a JSON object containing your access token:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Error Response:
{
  "message": "Error message here"
}
Handle errors gracefully and prompt users to re-enter credentials if necessary.
Using Authentication Tokens
Once you have obtained the token, include it in the Authorization header for all subsequent requests:
Authorization: Bearer YOUR_TOKEN_HERE
Token Security Best Practices
Store credentials securely: Never expose tenant keys and secrets in client-side code.
Use HTTPS: Always use secure connections for authentication requests.
Token management: Implement proper token refresh logic before expiration.
Monitor usage: Keep track of token usage and implement rate limiting.
Immediate revocation: Revoke tokens immediately if compromised.
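The token-management practice above, as an added example (not MVT's own code): a small Node.js cache that requests a token, reuses it, and renews it shortly before expiry. The class name, `baseUrl`, and the TTL and skew defaults are assumptions, and it assumes the issued token expires at the `expiresAt` value sent in the request.

```javascript
// Assumes Node 18+ (global fetch). TokenCache and its option names are hypothetical.
// Assumes the token is valid until the expiresAt value sent in the request.
class TokenCache {
  constructor({ baseUrl, tenantKey, tenantSecret, ttlMs = 15 * 60_000,
                skewMs = 60_000, fetchImpl = fetch, now = Date.now }) {
    if (!baseUrl.startsWith('https://')) throw new Error('baseUrl must use HTTPS');
    if (!tenantKey || !tenantSecret) throw new Error('tenant credentials missing');
    Object.assign(this, { baseUrl, tenantKey, tenantSecret, ttlMs, skewMs, fetchImpl, now });
    this.token = null;
    this.expiresAtMs = 0;
    this.inFlight = null; // shared promise so concurrent callers trigger one request
  }

  // True when there is no token yet or it is within skewMs of its expiry.
  needsRefresh() {
    return !this.token || this.now() >= this.expiresAtMs - this.skewMs;
  }

  // Returns the cached token, renewing it first when needsRefresh() says so.
  async getToken() {
    if (!this.needsRefresh()) return this.token;
    this.inFlight ??= this.requestToken().finally(() => { this.inFlight = null; });
    return this.inFlight;
  }

  async requestToken() {
    const { fetchImpl } = this;
    const expiresAtMs = this.now() + this.ttlMs;
    const res = await fetchImpl(`${this.baseUrl}/api/Auth/GetToken`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ tenantKey: this.tenantKey, tenantSecret: this.tenantSecret,
                             expiresAt: new Date(expiresAtMs).toISOString() }),
    });
    const data = await res.json().catch(() => ({}));
    // Report the server's message only; the request body holds the tenant secret.
    if (!res.ok || !data.token) throw new Error(`GetToken failed: ${data.message || res.status}`);
    this.token = data.token;
    this.expiresAtMs = expiresAtMs;
    return this.token;
  }

  async authHeaders() {
    return { Authorization: `Bearer ${await this.getToken()}` };
  }
}
```

Create one instance per server process, with the tenant key and secret loaded from server-side configuration, and call `authHeaders()` before each request.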
Code Snippets
This section provides practical examples of how to obtain authentication tokens from an API. The snippets demonstrate the process in cURL, PHP and Node.js, showing how to securely send credentials, handle responses, and retrieve tokens for subsequent API calls.
Node.js:
const axios = require('axios');

const AUTH_URL = 'https://www.example.co.za/api/Auth/GetToken';

// Requests a bearer token and returns it; rethrows on failure so callers can react.
async function getAuthToken() {
  // Placeholder values: load the real key and secret from server-side configuration.
  const authData = {
    tenantKey: "your_tenant_key",
    tenantSecret: "your_tenant_secret",
    expiresAt: "2025-12-20T16:03:20.656Z"
  };

  try {
    const response = await axios.post(AUTH_URL, authData, {
      headers: {
        'Content-Type': 'application/json'
      }
    });
    console.log('Authentication successful');
    return response.data.token;
  } catch (error) {
    // Log the API's error message when there is one, otherwise the transport error.
    console.error('Authentication failed:', error.response?.data?.message || error.message);
    throw error;
  }
}
PHP:
<?php
$apiUrl = "https://www.example.co.za/api/Auth/GetToken";

// Placeholder values: load the real key and secret from server-side configuration.
$context = stream_context_create([
    "http" => [
        "header" => "Content-Type: application/json\r\n",
        "method" => "POST",
        "content" => json_encode([
            "tenantKey" => "your_tenant_key",
            "tenantSecret" => "your_tenant_secret",
            "expiresAt" => "2025-12-20T16:03:20.656Z"
        ]),
        // Return the response body on 4xx/5xx too, so the error message can be read.
        "ignore_errors" => true
    ]
]);

$response = file_get_contents($apiUrl, false, $context);

if ($response === false) {
    echo "Error requesting token.";
} else {
    echo "Token Response: " . $response;
}