Skip to main content

Search

01-Login with App Token

Login to GTR server using App Token authentication method and retrieve VASP list.
Users generate App Token and send request to the list API endpoint.
The system automatically validates the app token for successful login.

Expected Request (VASP → GTR)

Method: GET
Base URL: https://uat-platform.globaltravelrule.com
Endpoint: /api/common/v3/vasp/list
Authentication:
- mTLS (Mutual Transport Layer Security) when sending the API
- App Token authentication via X-Authorization header
Header:
- Content-Type: application/json
- X-Authorization: [AppToken]
Body: No request body required for this GET request.

set -e

export CURL_SSL_BACKEND="openssl"

curl -v --silent --location --request GET 'https://uat-platform.globaltravelrule.com/api/common/v3/vasp/list' \
    -k --cert ./certificate.pem --key ./privateKey.pem \
    --header 'Content-Type: application/json' \
    --header 'X-Authorization: [AppToken]'

Hint:

[AppToken] is the base64-encoded JSON containing secretToken, accessKey, algorithm, nonce, timestamp, expires, and verifyType
App Token expires in 15 seconds (recommended) after generation
Use UTC+0 timezone for timestamp (13 digits)

Materials:

Authentication - App Token

Expected Response (GTR → VASP)

HTTP Status Code: 200

{
  "data": [
    {
      "vaspCode": "example_vasp_001",
      "vaspName": "Example VASP 1",
      "status": "active"
    },
    {
      "vaspCode": "example_vasp_002", 
      "vaspName": "Example VASP 2",
      "status": "active"
    }
  ],
  "verifyStatus": 100000,
  "verifyMessage": "success",
  "success": true
}

Expected Request (VASP → GTR)
Expected Response (GTR → VASP)