The Sign In Borrower API signs in a borrower (i.e. creates a new user session). This API should be used when a borrower is signing in to a user account that has already been created.
This API can also be used to re-sign an existing access token (for a borrower that already signed in). In that case, you'll also pass the
accountRefreshToken header parameter but leave the request body empty.
After this step is complete, they will be signed in. You can add additional logic to your sign-in flow, including multi-factor phone authentication and email verification, by referring to response header. The header contains two fields encoded in the x-digifi-account JSON base64 string: isEmailNotVerified and isMfaIncomplete. These will either be true or undefined (no falsy value). Check these flags to optionally enforce phone authentication or email verification.
To use authentication with a phone number (phone verification code) please check the Sign In (Send Phone Verification Code) page.
You can specify refresh token expiration time using refreshTokenExpirationTimeMinutes body param. By default it equals to "30" (minutes). Min value is 30 (a half an hour), Max value is 10080 (1 week).
You don't need to pass this parameter when you re-sign an existing access token (using refresh token).
Make sure to add this parameter to each API call
Please note the following validations:
- A borrower user account should exist.
- The password should match the user's account password. (if you are using email/password option)
Below please find the JSON body for two example requests:
- Example 1: Signing in a borrower (from a logged out state) using email/password.
- Example 2: Re-signing an existing access token (for an already-logged-in borrower)
- Example 3: Signing in a borrower (from a logged out state) using phone verification code.