Learn about the different types of tokens, their purpose, and how to generate tokens.
We use tokens to authenticate all actions performed using ZWITCH Elements. Tokens allow us to validate that an action was performed on your application frontend and that the user has the necessary permissions to perform the action.
After authentication, the request is processed by us. Requests sent to ZWITCH servers without a token are not processed.
Best Practices
Below are some best practices you must follow when generating and using tokens for your elements.
- Once generated, the token is valid for 60 minutes.
- Tokens should only be generated on your backend server. To protect your API Keys, we do not allow this API to be triggered from the application frontend.
- After generating a token, it should be passed to your application frontend in the Initialize Element and Pass Token code snippet. Ensure you have a secure mechanism in place to pass the token to your application frontend.
Types of Tokens
Currently, we support 3 types of token generation which are listed below:
- Onboarding
- Customer
- Transfer
Different elements require different types of tokens for authentication. Use the Token API to generate the required token.
The table below lists the various elements and the type of tokens required to authenticate each element.
Element | Token Type Required |
---|---|
Onboarding | Onboarding Token |
Balance Check | Customer Token |
Fund Transfer | Transfer Token |
Account Statement | Customer Token |
Debit Card | Customer Token |
Aadhaar Verification | Customer Token |
IR Transfer Request | Transfer Token |
IR Documents Upload | |
IR UPI Collect | Transfer Token |
Prefill Information in an Element
To prefill information in an element, pass the required information within the request_details
object in the Token API request body.
Refer to the Token API Object page to learn more about what information can be prefilled in an element.