API Tokens

Authorization and token types

The mobile app currently SIS tokens (short for Sign-In Service). SIS is an in-house VA auth service.

SIS tokens are over a thousand characters long.

You have to include an additional header when using SIS tokens: Authentication-Method: SIS

Fetching API tokens

We host a web app on heroku for fetching api tokens. You can fetch tokens in two ways:

Manual: Go to the token generator web app and log in with a test user. User credentials are in 1Password.
Automated: These requests use basic auth (ask teammates for username and password) and will only work if the test user has previously been logged in via the manual approach and the user's refresh token is still valid. The route for fetching SIS tokens is:

GET https://va-mobile-cutter.herokuapp.com/auth/sis/token/judy.morrison@id.me

Working on the token app

View code for the token fetcher app and instructions for development can be found in the README. To work on the app, you will need write access to the repo and admin access to the heroku instance.

Authorization and token types​

Fetching API tokens​

Working on the token app​

Authorization and token types

Fetching API tokens

Working on the token app