Authentication
Authentication happens in two steps. First, log in with your credentials to get a sessionID. Then verify with an OTP to get the actual token used in all API calls.
2.1 Step 1 — Login
Endpoint
POST https://api.riskmaster.signalx.ai/query
Content-Type: application/json
Request Body
{
"operationName": "Login",
"query": "mutation Login($username: String!, $password: String!, $appId: Int) { login(username: $username, password: $password, appId: $appId) { message code sessionID } }",
"variables": {
"username": "your-email@company.com",
"password": "your-password",
"appId": 10
}
}
cURL Example
curl --location 'https://api.riskmaster.signalx.ai/query' \
--header 'Content-Type: application/json' \
--data '{
"operationName": "Login",
"query": "mutation Login($username: String!, $password: String!, $appId: Int) { login(username: $username, password: $password, appId: $appId) { message code sessionID } }",
"variables": {
"username": "your-email@company.com",
"password": "your-password",
"appId": 10
}
}'
Response: 200 OK with a sessionID in the response body. Pass this sessionID into Step 2.
Do not hardcode credentials in your application.
2.2 Step 2 — OTP Verification
After login, verify with a fixed OTP provided by SignalX. This returns the token used in all downstream API calls.
Endpoint
POST https://api.riskmaster.signalx.ai/query
Content-Type: application/json
Request Body
{
"operationName": "OTP",
"query": "mutation OTP($otp: String!, $sessionID: String!, $appId: Int) { otp(otp: $otp, sessionID: $sessionID, appId: $appId) { message code token userDetails { username firstName lastName email } } }",
"variables": {
"appId": 10,
"otp": "<YOUR_FIXED_OTP>",
"sessionID": "<SESSION_ID_FROM_STEP_1>"
}
}
cURL Example
curl --location 'https://api.riskmaster.signalx.ai/query' \
--header 'Content-Type: application/json' \
--data '{
"operationName": "OTP",
"query": "mutation OTP($otp: String!, $sessionID: String!, $appId: Int) { otp(otp: $otp, sessionID: $sessionID, appId: $appId) { message code token userDetails { username firstName lastName email } } }",
"variables": {
"appId": 10,
"otp": "<YOUR_FIXED_OTP>",
"sessionID": "<SESSION_ID_FROM_STEP_1>"
}
}'
Sample Response
{
"data": {
"otp": {
"message": "Token created successfully",
"code": "OK",
"token": "<JWT_TOKEN>",
"userDetails": {
"username": "john.doe",
"firstName": "John",
"lastName": "Doe",
"email": "john.doe@company.com"
}
}
}
}
Variables
| Variable | Type | Required | Description |
|---|---|---|---|
username | String | Yes | Registered username (typically an email address). |
password | String | Yes | Account password. |
appId | Int | No | Application identifier, defaults to 10 for standard app. |
Response fields
| Field | Type | Description |
|---|---|---|
message | String | Human‑readable message describing the result. |
code | String | Status or error code for the outcome of authentication. |
sessionID | String | Session token; use as auth_token cookie or Bearer token for other APIs. |
How to use the token
Copy the token value and pass it in every subsequent API call as:
Authorization: Bearer <JWT_TOKEN>
The token is valid for 24 hours. If you receive a
401 Unauthorizederror, re-authenticate from Step 1 and get a fresh token.