Sign In (Create Session)

How to start a user session for a borrower with an existing digital lending user account.

The Sign In Borrower API signs in a borrower (i.e. creates a new user session). This API should be used when a borrower is signing in to a user account that has already been created.

This API can also be used to re-sign an existing access token (for a borrower that already signed in). In that case, you'll also pass the accountRefreshToken header parameter but leave the request body empty.

After this step is complete, the borrower will be signed in. You can add additional logic to your sign-in flow, including multi-factor phone authentication and email verification, by checking the response header. The x-digifi-account response header is a base64-encoded JSON string containing two fields: isEmailNotVerified and isMfaIncomplete. Each of these is either true or undefined (no falsy value is sent). Check these flags to optionally enforce phone authentication or email verification.
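The flag check described above, as an added example (not DigiFi's own code). The function names, the step labels and the fail-closed handling of a missing or undecodable header are assumptions made for illustration.

```javascript
// Added example: decode the x-digifi-account response header and choose the
// next step in the sign-in flow. Names and policy here are hypothetical.

// Returns the decoded JSON object, or null if the header is absent or malformed.
function decodeAccountHeader(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.trim() === '') {
    return null;
  }
  try {
    const json = Buffer.from(headerValue.trim(), 'base64').toString('utf8');
    const parsed = JSON.parse(json);
    // Only a plain JSON object is a valid account payload.
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
      return null;
    }
    return parsed;
  } catch (err) {
    return null; // not valid base64-encoded JSON
  }
}

// Maps the header to one of: 'reject', 'phone-verification',
// 'email-verification', 'signed-in'.
function nextSignInStep(headerValue) {
  const account = decodeAccountHeader(headerValue);
  if (account === null) {
    // Assumption: without a readable header, do not treat the session as verified.
    return 'reject';
  }
  // The flags are either true or absent. Any value that is present is treated
  // as "set", so an unexpected value can never skip a verification step.
  if (account.isMfaIncomplete !== undefined) {
    return 'phone-verification';
  }
  if (account.isEmailNotVerified !== undefined) {
    return 'email-verification';
  }
  return 'signed-in';
}

// Constructed sample header values (not captured from a real response).
const encodeSample = (obj) => Buffer.from(JSON.stringify(obj), 'utf8').toString('base64');
const SAMPLE_VERIFIED = encodeSample({});
const SAMPLE_MFA_PENDING = encodeSample({ isMfaIncomplete: true, isEmailNotVerified: true });
const SAMPLE_EMAIL_PENDING = encodeSample({ isEmailNotVerified: true });
```
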

To use authentication with a phone number (phone verification code), please check the Sign In (Send Phone Verification Code) page.

You can specify the refresh token expiration time using the refreshTokenExpirationTimeMinutes body parameter. By default it equals "30" (minutes). The minimum value is 30 (half an hour) and the maximum value is 10080 (1 week).

You don't need to pass this parameter when you re-sign an existing access token (using refresh token).


Make sure to add this parameter to each API call:

  • Create Account
  • Create Account (Accept Invitation)
  • Sign In (Create Session)

Please note the following validations:

  • A borrower user account should exist.
  • The password should match the user's account password (if you are using the email/password option).

Example Requests

Below please find the JSON body for two example requests:

  • Example 1: Signing in a borrower (from a logged out state) using email/password.

    {
      "email": "[email protected]",
      "password": "123QW@qwe!"
    }

  • Example 2: Re-signing an existing access token (for an already-logged-in borrower). Do not include a body in this case.

  • Example 3: Signing in a borrower (from a logged out state) using phone verification code.

    {
      "phoneVerificationCode": "123456"
    }