You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _authentication.md
+15-9Lines changed: 15 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# Authentication
2
2
3
-
Uphold is an OAuth 2.0compliant service.
3
+
Uphold is an [OAuth 2.0](https://oauth.net/2/)-compliant service.
4
4
5
5
Partners looking to integrate with our API must [register an application](#registering-an-application).
6
6
Applications that implement a user-facing web interface, to provide custom functionality for multiple Uphold users, should use the [Web Application Flow](#web-application-flow).
intention | no | Unauthenticated users will be redirected to the `login` page, this behavior can be changed by sending `signup` as the `intention` value.
28
-
scope | yes | Permissions to request from the user.
intention | no | By default, unauthenticated users will be redirected to the `login` page. This behavior can be changed by sending `signup` as the `intention` value.
34
+
scope | yes | Permissions to request from the user. Multiple scopes [should be](https://tools.ietf.org/html/rfc6749#section-3.3) separated by spaces.
29
35
state | yes | An unguessable, cryptographically secure random string used to protect against cross-site request forgery attacks.
30
36
31
37
### Step 2 - Requesting a Token
@@ -92,15 +98,15 @@ Once you have obtained an access token you may call any protected API method on
92
98
<asideclass="notice">
93
99
<strong>Security Notice</strong>: No other method of authentication is supported. For security reasons only the "Authorization" header will be processed.
94
100
95
-
This prevents attackers from stealing tokens from the user's browser history, logs, referer headers and other unsecure locations when credentials are sent via query URLs.
101
+
This prevents attackers from stealing tokens from the user's browser history, logs, referrer headers and other insecure locations when credentials are sent via query URLs.
96
102
</aside>
97
103
98
104
## Client Credentials Flow
99
105
100
106
Ideal for backend integrations that do not require access to other Uphold user accounts.
101
107
102
108
For **business usage only** you may choose to use client credentials authentication.
103
-
This requires manual approval from Uphold.
109
+
This requires [manual approval](#support) from Uphold.
104
110
105
111
### Creating a Token
106
112
@@ -146,7 +152,7 @@ Once you have obtained a client credentials token you may call any protected API
146
152
<asideclass="notice">
147
153
<strong>Security Notice</strong>: No other method of authentication is supported.
148
154
For security reasons only the "Authorization" header will be processed.
149
-
This prevents attackers from stealing tokens from the user's browser history, logs, referer headers and other unsecure locations when credentials are sent via query URLs.
155
+
This prevents attackers from stealing tokens from the user's browser history, logs, referrer headers and other insecure locations when credentials are sent via query URLs.
You can use Basic Authentication by providing your email and password combination.
272
278
273
-
If OTP (One-Time Password, also known as Two-Factor Authentication) is required, then you will get a [401 HTTP error](#errors), along with the HTTP headers`OTP-Token: Required` and `OTP-Method-Id: Required`.
274
-
In which case, execute the command above again, this time passing your OTP verification code and method id as a headers, like so: `OTP-Token: <OTP-Token>` and `OTP-Method-Id: <OTP-Method-Id>`.
279
+
If OTP (One-Time Password, also known as Two-Factor Authentication) is required, then you will get a [401 HTTP error](#errors), along with the HTTP header`OTP-Token: Required` and/or`OTP-Method-Id: Required`.
280
+
In which case, execute the command above again, this time passing your OTP verification code and method id as headers, like so: `OTP-Token: <OTP-Token>` and `OTP-Method-Id: <OTP-Method-Id>`.
Copy file name to clipboardExpand all lines: _entities.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -134,7 +134,7 @@ name | The display name of the contact created by joining the first and las
134
134
}
135
135
```
136
136
137
-
A currency pair is the combination of two currencies, encoded as two currency codes, e.g. USD, GBP, EUR, concatenated together to represent the current status of converting the first currency into the second.
137
+
A currency pair is the combination of two currencies, encoded as two [currency codes](#currencies) concatenated together to represent the current status of converting the first currency into the second.
138
138
For example, the currency pair "BTCUSD" represents moving from bitcoin to US dollars.
To assist developers with tracking the overall status of our Reserve, we provide a summary of all the obligations and assets within it.
257
-
Then for convenience's sake we compute the value of each our holdings in all of the currencies we support, making it easy for example to display our total US dollar liabilities, but expressed in Euros.
257
+
Then, for convenience's sake, we compute the value of each our holdings in all of the currencies we support, making it easy for example to display our total US dollar liabilities, but expressed in Euros.
258
258
For example, a request to fetch a summary will return an array of assets with the following properties:
259
259
260
260
Property | Description
@@ -354,7 +354,7 @@ Instead, Uphold owes them the $507.51 they exchanged for that bitcoin.
354
354
</code></pre>
355
355
356
356
This transfer of value affects our liabilities immediately and in real-time, and thus is reflected in real-time in the ledger.
357
-
But when our obligations to our members change a possible imbalance in our Reserve is introduced.
357
+
But when our obligations to our members change, a possible imbalance in our Reserve is introduced.
358
358
To compensate for this, we must make changes to the assets as well.
359
359
These changes to our assets may or may not happen in real-time.
360
360
This would therefore be recorded in our ledger at some point in the future as follows:
@@ -469,7 +469,7 @@ By following these transactions you walk backwards down different paths of the R
469
469
### Security and Privacy
470
470
471
471
All transactions are made public, but specific details about the transaction may be withheld from parties who were not a party to said transaction.
472
-
To control this we would require developers to authenticate prior to retrieving privileged information relating to a transaction.
472
+
To control this, we require developers to authenticate prior to retrieving privileged information relating to a transaction.
0 commit comments