Redirect User to a SIWF-Compatible Service (e.g. Frequency Access)

To start the authentication loop, your application will generate an Authentication URL for each user.

Note: The following instruction examples are based on Frequency Access.

Quick Reference

Staging-Testnet: https://testnet.frequencyaccess.com/siwa/start
Production-Mainnet: https://www.frequencyaccess.com/siwa/start
Generate Login Request Payload and Signature: Generator Tool
Request Structure: SiwfRequest
Signed Request Structure: SiwfSignedRequest

Step 1: Generate the Signed Request Payload

You can generate more than one of these to use simultaneously. Most applications should generate and keep their needed value(s) static. The generated signed request payload is secured by the signature included in it, and it is not sensitive data.

Signed Request Payload Contents

A signature from one of the Control Keys of the Frequency Provider
The domain and path the callback will use
The requested permissions
The requested credentials

Signed Request Payload Generator

Generate one or more login request payloads and signatures (signedRequest) using the Generator Tool.

Signed Request Payload Detailed Documentation

For details on the Payload and how it is formed, see the Reference Documentation.

Step 2: Build the Authentication URL Parameters

Parameter: `signedRequest`

The Base64url encoded value from Step 1.

Reminder: This includes the callback domain that will be used.

Additional Parameters are Forwarded

Any additional parameters that do not collide with reserved parameter names on the Authentication URL are passed through unchanged.

Note: These parameters are not protected and could be changed by malicious actors. Take care when using them for security-related data.

Example

https://www.frequencyaccess.com/siwa/start?signedRequest=<request value>&key1=<value1>&key2=<value2>&other=<result>
Will result in callback URL parameters of: ?authorizationCode=<authorization code>&key1=<value1>&key2=<value2>&other=<result>

Step 3: Build the Authentication URL

Taking the parameters from the previous step, build an Authentication URL using the correct base for the SIWF path of /start:

Staging-Testnet: https://testnet.frequencyaccess.com/siwa/start
Production-Mainnet: https://www.frequencyaccess.com/siwa/start

The SIWF System will send the user back by building the callback URL. The callback URL will be built with:

The callback from the signedRequest
Appending any additional GET request parameters
Appending the reserved URL parameter of authorizationCode

The callback URL will maintain all non-reserved URL parameters. For example, if you wish to correlate the original unauthorized session with the authorized session, you can generate a dynamic parameter with a random UUIDv4 identifier on each request.

Example

Parameters

{
  "signedRequest": "eyJyZXF1ZXN0ZWRTaWduYXR1cmVzIjp7InB1YmxpY0tleSI6eyJlbmNvZGVkVmFsdWUiOiJmNmNMNHdxMUhVTngxMVRjdmRBQk5mOVVOWFhveUg0N21WVXdUNTl0elNGUlc4eURIIiwiZW5jb2RpbmciOiJiYXNlNTgiLCJmb3JtYXQiOiJzczU4IiwidHlwZSI6IlNyMjU1MTkifSwic2lnbmF0dXJlIjp7ImFsZ28iOiJTUjI1NTE5IiwiZW5jb2RpbmciOiJiYXNlMTYiLCJlbmNvZGVkVmFsdWUiOiIweDk2MGYxOTVkYzFmOTFiZjcxYzBiMzUyMzE1MGFlMzc0NzFiZWRlMDdhMDAzOTA5NjQ3Y2NmMDQwYWNkNWNkMDRlYTQ4NzBiZDEyNGNhZmEyZGViNTliMGUzNzhjYjE5ZmJjNmFmNjAxYjc1NTU5ZmFhYjdiNzY4ZGU4MWEwOTgzIn0sInBheWxvYWQiOnsiY2FsbGJhY2siOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJwZXJtaXNzaW9ucyI6WzUsNyw4LDksMTBdfX0sInJlcXVlc3RlZENyZWRlbnRpYWxzIjpbeyJ0eXBlIjoiVmVyaWZpZWRHcmFwaEtleUNyZWRlbnRpYWwiLCJoYXNoIjpbImJjaXFtZHZteGQ1NHp2ZTVraWZ5Y2dzZHRvYWhzNWVjZjRoYWwydHMzZWV4a2dvY3ljNW9jYTJ5Il19LHsiYW55T2YiOlt7InR5cGUiOiJWZXJpZmllZEVtYWlsQWRkcmVzc0NyZWRlbnRpYWwiLCJoYXNoIjpbImJjaXFlNHFvY3poZnRpY2k0ZHpmdmZiZWw3Zm80aDRzcjVncmNvM29vdnd5azZ5NHluZjQ0dHNpIl19LHsidHlwZSI6IlZlcmlmaWVkUGhvbmVOdW1iZXJDcmVkZW50aWFsIiwiaGFzaCI6WyJiY2lxanNwbmJ3cGMzd2p4NGZld2NlazVkYXlzZGpwYmY1eGppbXo1d251NXVqN2UzdnUydXducSJdfV19XX0",
  "mode": "dark"
}

Testnet Authentication URL

"https://testnet.frequencyaccess.com/siwa/start?signedRequest=eyJyZXF1ZXN0ZWRTaWduYXR1cmVzIjp7InB1YmxpY0tleSI6eyJlbmNvZGVkVmFsdWUiOiJmNmNMNHdxMUhVTngxMVRjdmRBQk5mOVVOWFhveUg0N21WVXdUNTl0elNGUlc4eURIIiwiZW5jb2RpbmciOiJiYXNlNTgiLCJmb3JtYXQiOiJzczU4IiwidHlwZSI6IlNyMjU1MTkifSwic2lnbmF0dXJlIjp7ImFsZ28iOiJTUjI1NTE5IiwiZW5jb2RpbmciOiJiYXNlMTYiLCJlbmNvZGVkVmFsdWUiOiIweDk2MGYxOTVkYzFmOTFiZjcxYzBiMzUyMzE1MGFlMzc0NzFiZWRlMDdhMDAzOTA5NjQ3Y2NmMDQwYWNkNWNkMDRlYTQ4NzBiZDEyNGNhZmEyZGViNTliMGUzNzhjYjE5ZmJjNmFmNjAxYjc1NTU5ZmFhYjdiNzY4ZGU4MWEwOTgzIn0sInBheWxvYWQiOnsiY2FsbGJhY2siOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJwZXJtaXNzaW9ucyI6WzUsNyw4LDksMTBdfX0sInJlcXVlc3RlZENyZWRlbnRpYWxzIjpbeyJ0eXBlIjoiVmVyaWZpZWRHcmFwaEtleUNyZWRlbnRpYWwiLCJoYXNoIjpbImJjaXFtZHZteGQ1NHp2ZTVraWZ5Y2dzZHRvYWhzNWVjZjRoYWwydHMzZWV4a2dvY3ljNW9jYTJ5Il19LHsiYW55T2YiOlt7InR5cGUiOiJWZXJpZmllZEVtYWlsQWRkcmVzc0NyZWRlbnRpYWwiLCJoYXNoIjpbImJjaXFlNHFvY3poZnRpY2k0ZHpmdmZiZWw3Zm80aDRzcjVncmNvM29vdnd5azZ5NHluZjQ0dHNpIl19LHsidHlwZSI6IlZlcmlmaWVkUGhvbmVOdW1iZXJDcmVkZW50aWFsIiwiaGFzaCI6WyJiY2lxanNwbmJ3cGMzd2p4NGZld2NlazVkYXlzZGpwYmY1eGppbXo1d251NXVqN2UzdnUydXducSJdfV19XX0&mode=dark"

Step 3: Redirect the User

Redirect the user's Browser or Embedded Browser (for mobile apps) to the Authentication URL.
- SafariViewController for iOS
- Chrome Custom Tabs for Android