Partners Portal API

Authentication

Endpointhttps://api-qua-portalparceiros.bancoctt.pt

Authenticate

POST

https://api-qua-portalparceiros.bancoctt.pt

/v1/authentication

Authenticate a partner and return a session token

The combination of xClientID and xClientSecret identify the master of the calling brokerID.

The brokerID is then verified to assess if it belongs to that master and has api access.

Lastly the userID is verified to ensure it belongs to the calling broker and that also has api access. For this to be accomplished the user must be previously created in the Partners Portal system as well as the broker and the master.

The token lasts for 30 minutes of inactivity and can be used in further requests by adding it to the "Authorization" header as a Bearer token.

For every subsequent request with the token the inactivity timer is reset.

Authenticate › Headers

xClientID

string · required

Part of the combination to identify the master of the calling brokerID

xClientSecret

string · required

Part of the combination to identify the master of the calling brokerID

xBrokerUID

string · uuid · required

Calling broker's unique identifier

xUsername

string · required

Username of the user belonging to the calling broker

Authenticate › Responses

sessionToken

string

The session token to be further used in all subsequent api requests in order to authenticate

POST/v1/authentication

curl --request POST \
  --url https://api-qua-portalparceiros.bancoctt.pt/v1/authentication \
  --header 'xBrokerUID: <string>' \
  --header 'xClientID: <string>' \
  --header 'xClientSecret: <string>' \
  --header 'xUsername: <string>'

shell

Example Responses

{
  "sessionToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ4Q2xpZW50SUQiOiJhc2QiLCJ4Q2xpZW50U2VjcmV0IjoiYXNkIiwiU2hvcnRQZXJpb2RUb2tlblVJRCI6IjY4ZGRlNjMzLTMyMGUtNGMzMi04MTQ5LTJiM2UyNTY4NWY5ZCIsImV4cCI6MTc2ODU2Mjc0MywiaXNzIjoiUGFydG5lclBvcnRhbEFQSSJ9.MZMDg7DA7eJT9B8R3dORjRxY-rHuP5-Htpo1uiuCmL8"
}

json

application/json

Partners

Partners Portal API

Authentication

Endpointhttps://api-qua-portalparceiros.bancoctt.pt

Authenticate

POST

https://api-qua-portalparceiros.bancoctt.pt

/v1/authentication

Authenticate a partner and return a session token

The combination of xClientID and xClientSecret identify the master of the calling brokerID.

The brokerID is then verified to assess if it belongs to that master and has api access.

The token lasts for 30 minutes of inactivity and can be used in further requests by adding it to the "Authorization" header as a Bearer token.

For every subsequent request with the token the inactivity timer is reset.

Authenticate › Headers

xClientID

string · required

Part of the combination to identify the master of the calling brokerID

xClientSecret

string · required

Part of the combination to identify the master of the calling brokerID

xBrokerUID

string · uuid · required

Calling broker's unique identifier

xUsername

string · required

Username of the user belonging to the calling broker

Authenticate › Responses

sessionToken

string

The session token to be further used in all subsequent api requests in order to authenticate

POST/v1/authentication

curl --request POST \
  --url https://api-qua-portalparceiros.bancoctt.pt/v1/authentication \
  --header 'xBrokerUID: <string>' \
  --header 'xClientID: <string>' \
  --header 'xClientSecret: <string>' \
  --header 'xUsername: <string>'

shell

Example Responses

{
  "sessionToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ4Q2xpZW50SUQiOiJhc2QiLCJ4Q2xpZW50U2VjcmV0IjoiYXNkIiwiU2hvcnRQZXJpb2RUb2tlblVJRCI6IjY4ZGRlNjMzLTMyMGUtNGMzMi04MTQ5LTJiM2UyNTY4NWY5ZCIsImV4cCI6MTc2ODU2Mjc0MywiaXNzIjoiUGFydG5lclBvcnRhbEFQSSJ9.MZMDg7DA7eJT9B8R3dORjRxY-rHuP5-Htpo1uiuCmL8"
}

json

application/json

Partners