Quick Start
Use this page to make your first authenticated request in under five minutes. The examples below walk through the Altafid login flow and the tenant and user headers required by all downstream APIs.
UAT base URL:
Sample tenant:
Sample user: Contact your integration team for credentials.
https://api.altafid.dev.altafid.netSample tenant:
T019A16FF372A70B5A9307B00CE85E4DASample user: Contact your integration team for credentials.
1. Login
curl "https://api.altafid.dev.altafid.net/api/auth/login" \
-X POST \
-H "accept: application/json" \
-H "content-type: application/json" \
--data '{
"username": "your-email@example.com",
"password": "YourPassword123!"
}'The login response can return one of three statuses:
| Status | Meaning | Next step |
|---|---|---|
LOGIN_SUCCESS | Access token and refresh token returned. | Continue with API calls. |
MFA_SETUP_REQUIRED | User must initialise MFA first. | Go to Authentication and MFA. |
MFA_REQUIRED | Password accepted but MFA verification is required. | Submit the challenge token to /api/auth/mfa/verify. |
{
"status": "LOGIN_SUCCESS",
"token": "eyJhbGciOiJIUzI1NiJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9...",
"username": "your-email@example.com",
"tenantUuid": "T019A16FF372A70B5A9307B00CE85E4DA",
"tenantStaffUuid": "TS019C06688AA57248B9EA5325DBDFC48E",
"userUuid": "TS019C06688AA57248B9EA5325DBDFC48E",
"tenantCode": "CONPAT_UAT",
"userType": "TENANT_STAFF",
"staffType": "ADMIN",
"expiresIn": 3600000,
"refreshExpiresIn": 604800000
}2. Build request headers
For all authenticated API requests, send the following headers using the values from your login response:
Authorization: Bearer {token}
x-tenant-uuid: {tenantUuid}
x-user-email: {username}
x-user-id: {tenantStaffUuid}
x-user-type: TENANT_STAFF3. First successful call
A safe first call is the contact list endpoint. It confirms your token, tenant scoping, and header values all work together.
curl "https://api.altafid.dev.altafid.net/api/contacts?page=0&size=1" \
-H "accept: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "x-tenant-uuid: T019A16FF372A70B5A9307B00CE85E4DA" \
-H "x-user-email: your-email@example.com" \
-H "x-user-id: TS019C06688AA57248B9EA5325DBDFC48E" \
-H "x-user-type: TENANT_STAFF"{
"content": [
{
"contactUuid": "C019B9D0FD0E5772F9E8ED189895D40C4",
"firstName": "Jane",
"paternalLastName": "Doe",
"contactType": "ACTIVE",
"firmType": "TENANT",
"firmEntityUuid": "T019A16FF372A70B5A9307B00CE85E4DA"
}
],
"pageable": {
"pageNumber": 0,
"pageSize": 1
},
"totalElements": 1
}
Success criteria: if this call returns a paginated JSON payload, your credentials, headers, and tenant context are wired correctly.
4. Next pages
- Platform Overview to understand all entities and their relationships.
- Shared Conventions for pagination, filtering, and error handling.
- Authentication and MFA for full token lifecycle behaviour.
- Contacts to start implementing the primary entity management APIs.