
Authentication with AWS Cognito

Villa Payment API uses AWS Cognito for authentication. All API requests must include a valid Cognito ID token in the Authorization header.

Overview

  • Authentication is handled by AWS Cognito User Pools.
  • Obtain an ID token by authenticating with Cognito (e.g., via hosted UI, SDK, or your app's login flow).
  • Pass the ID token in the Authorization header as a Bearer token for all API requests.

Getting Started

1. Obtain a Cognito ID Token

Authenticate your user using Cognito. You can use the AWS Amplify library, AWS SDK, or directly integrate with Cognito's endpoints. After successful authentication, you will receive an ID token (JWT).

Example using AWS Amplify (JavaScript):

import { Auth } from "aws-amplify"; // Auth category of the Amplify v5 API

// Sign the user in; on success Amplify returns the user object with the current session attached.
const user = await Auth.signIn(username, password);
// The ID token (a JWT) is the value the Villa Payment API expects in the Authorization header.
const idToken = user.signInUserSession.idToken.jwtToken;

Example using Cognito Hosted UI:

  • Redirect users to the Cognito Hosted UI for login.
  • After login, Cognito will redirect back to your app with tokens in the URL fragment or as a code to exchange for tokens.

2. Make Authenticated API Requests

Include the Cognito ID token in the Authorization header:

curl -X GET "https://api.villapayment.com/v1/payments/payment_id" \
  -H "Authorization: Bearer <your_cognito_id_token>" \
  -H "Content-Type: application/json"
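The request above, wrapped in a small client helper, as an added example that is not Villa Payment's or Amplify's own code. It sends the ID token as a Bearer header, refreshes the session shortly before the token expires, retries once after a 401 and otherwise asks the caller to re-authenticate, which is the expiry and error handling the Best Practices below call for. The names callVillaApi, makeFakeFetch and the session shape (idToken.jwtToken plus a decoded payload with exp, modelled on Amplify's idToken object) are assumptions; fetchImpl and refreshSession are injected so the example runs offline against a constructed fake API.

```javascript
// Added example, not Villa Payment's or Amplify's code: a client helper that sends the Cognito ID
// token as a Bearer header, refreshes the session shortly before the token expires, and retries
// once after a 401 before asking the user to sign in again. `fetchImpl` and `refreshSession` are
// injected so the example runs offline; in a real app they would be the browser's fetch and a
// call that returns a fresh Amplify session.

const API_BASE = "https://api.villapayment.com/v1"; // base URL from the page
const EXPIRY_SKEW_SECONDS = 60; // refresh a little early to absorb clock drift between client and Cognito

// Assumed session shape, modelled on Amplify's idToken object (jwtToken plus decoded payload).
function isExpiringSoon(session, nowSeconds) {
  return session.idToken.payload.exp - EXPIRY_SKEW_SECONDS <= nowSeconds;
}

async function callVillaApi(path, { session, refreshSession, fetchImpl, now }) {
  let current = session;
  if (isExpiringSoon(current, now())) current = await refreshSession(); // proactive refresh
  const send = (s) => fetchImpl(`${API_BASE}${path}`, {
    method: "GET",
    headers: { Authorization: `Bearer ${s.idToken.jwtToken}`, "Content-Type": "application/json" },
  });
  let res = await send(current);
  if (res.status === 401) { // rejected server-side (e.g. revoked session): refresh once and retry
    current = await refreshSession();
    res = await send(current);
  }
  if (res.status === 401) throw new Error("re-authentication required"); // let the UI prompt for login
  return { status: res.status, session: current, body: await res.json() };
}

// Constructed stand-in for the API: accepts exactly one token and answers 401 to anything else.
function makeFakeFetch(acceptedToken) {
  const calls = []; // Authorization header of every request, kept for inspection
  const fetchImpl = async (_url, init) => {
    calls.push(init.headers.Authorization);
    const ok = init.headers.Authorization === `Bearer ${acceptedToken}`;
    return {
      status: ok ? 200 : 401,
      json: async () => (ok ? { id: "pay_123", status: "succeeded" } : { error: "Unauthorized" }),
    };
  };
  return { fetchImpl, calls };
}

// Constructed sessions; the token strings are placeholders, not real JWTs.
const NOW = 1_700_000_000;
const session = (token, exp) => ({ idToken: { jwtToken: token, payload: { exp } } });
const FRESH = session("FRESH.TOKEN.constructed", NOW + 3600);

// Token still valid for 30 s: the helper refreshes first, so only the fresh token reaches the API.
async function demoRefreshBeforeExpiry() {
  const { fetchImpl, calls } = makeFakeFetch(FRESH.idToken.jwtToken);
  const r = await callVillaApi("/payments/pay_123", {
    session: session("STALE.TOKEN.constructed", NOW + 30),
    refreshSession: async () => FRESH, fetchImpl, now: () => NOW,
  });
  return { status: r.status, calls, body: r.body };
}

// Token not yet expired but rejected by the server: one 401, one refresh, one successful retry.
async function demoServerRejects() {
  const { fetchImpl, calls } = makeFakeFetch(FRESH.idToken.jwtToken);
  const r = await callVillaApi("/payments/pay_123", {
    session: session("REVOKED.TOKEN.constructed", NOW + 3600),
    refreshSession: async () => FRESH, fetchImpl, now: () => NOW,
  });
  return { status: r.status, calls, body: r.body };
}

// Refresh yields another rejected token: the helper gives up with a clear error for the UI.
async function demoRefreshFails() {
  const { fetchImpl } = makeFakeFetch(FRESH.idToken.jwtToken);
  try {
    await callVillaApi("/payments/pay_123", {
      session: session("REVOKED.TOKEN.constructed", NOW + 3600),
      refreshSession: async () => session("STILL.REJECTED.constructed", NOW + 3600),
      fetchImpl, now: () => NOW,
    });
    return null;
  } catch (e) {
    return e.message;
  }
}

demoRefreshBeforeExpiry().then((r) => console.log(JSON.stringify(r)));
```

The refresh is triggered by the exp claim rather than by waiting for a 401, so a request is normally never sent with a token the API will reject; the single retry covers the case where the server rejects a token that still looks valid locally.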

Best Practices

  1. Secure Storage: Store tokens securely; do not expose them in client-side code unless your application design requires it.
  2. Token Expiry: ID tokens expire; check the token's expiry before each request and use the refresh token to obtain a new one when needed.
  3. Error Handling: Handle authentication errors gracefully and prompt users to re-authenticate if needed.
  4. HTTPS: Always use HTTPS to protect tokens in transit.

Security Considerations

  1. Never expose tokens in public repositories or logs.
  2. Validate every token on the backend: verify the JWT signature against your user pool's public keys (JWKS) and check the issuer, audience and expiry claims.
  3. Monitor authentication attempts and set up alerts for suspicious activity.

Support

If you have issues with authentication or Cognito integration:

  • Refer to the AWS Cognito documentation.
  • Contact your system administrator or support team for help with Cognito configuration.