User JWTs let developers access user-level API resources. An endpoint called with this token returns data only for the user specified in the JWT payload; no other user's data can be accessed with this token.


Generate a User-Specific JWT.

  1. Retrieve your client_id and client_secret from the Developer Dashboard.

  2. Retrieve the ID of the user for the token. Depending on your developer configuration, this value could be user.uid, user.id, or user.guid.

  3. Make a call to the Authorization server with your OAuth2 credentials and the valid user ID in the payload. This example uses guid as the ID field, though any of the three is valid:

    curl --request POST \
      --url https://dev-jhhgu9vc.auth0.com/oauth/token \
      --header 'content-type: application/json' \
      --data '{"client_id":"{YOUR_CLIENT_ID}","client_secret":"{YOUR_CLIENT_SECRET}","guid":"{USER_ID}","audience":"https://link-money-api/","grant_type":"client_credentials"}'
    
  4. If the Authorization server recognizes your OAuth2 credentials, it will respond with a JSON payload containing the user-specific bearer token:

    {
      "token": "{YOUR_BEARER_TOKEN}",
      "type": "Bearer"
    }
    
  5. Call a user-specific resource in LinkMoney with this bearer token to retrieve data for the specified user:

    curl --request GET \
      --url https://linkmoney.fingoal.com/v1/{user-specific-resource} \
      --header 'Authorization: Bearer {YOUR_BEARER_TOKEN}'
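
The steps above as a small Python client helper, added here as an illustration and not LinkMoney's own code: it builds the step 3 request body, checks the step 4 response, and only returns the step 5 header when the token's payload names the requested user and the token is unexpired. Assumptions: the function names are hypothetical, the `uid` and `id` request fields are inferred from step 2, and the user ID is assumed to appear in the JWT payload under the same field name as in the request; the payload is decoded without signature verification, which stays with the API.

```python
import base64
import json
import time

AUDIENCE = "https://link-money-api/"  # audience value from the step 3 request
ID_FIELDS = ("guid", "uid", "id")     # assumed request field names (see lead-in)


def build_token_request(client_id, client_secret, user_id, id_field="guid"):
    """Return the JSON body for the step 3 token request."""
    if id_field not in ID_FIELDS:
        raise ValueError(f"unsupported ID field: {id_field!r}")
    if not (client_id and client_secret and user_id):
        raise ValueError("client_id, client_secret and user_id are required")
    return json.dumps({"client_id": client_id, "client_secret": client_secret,
                       id_field: user_id, "audience": AUDIENCE,
                       "grant_type": "client_credentials"})


def jwt_payload(token):
    """Decode the payload segment of a JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def auth_header(response_body, user_id, id_field="guid", now=None):
    """Check the step 4 response and return the step 5 Authorization header."""
    resp = json.loads(response_body)
    if resp.get("type") != "Bearer" or not resp.get("token"):
        raise ValueError("response does not carry a bearer token")
    claims = jwt_payload(resp["token"])
    # Assumption: the user ID sits in the payload under the request's field name.
    if claims.get(id_field) != user_id:
        raise ValueError("token is not bound to the requested user")
    exp = claims.get("exp")  # standard JWT expiry claim, seconds since epoch
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    return {"Authorization": "Bearer " + resp["token"]}


if __name__ == "__main__":
    # Constructed sample token (not issued by the service), for an offline run.
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    tok = ".".join([seg({"alg": "RS256"}), seg({"guid": "user-123"}), "sig"])
    print(auth_header(json.dumps({"token": tok, "type": "Bearer"}), "user-123"))
```

Load `client_secret` from an environment variable or secret store on your server rather than embedding it in source, and send the request body with any HTTP client.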
    

Considerations