
Authentication

Secure authentication and access control

User Authentication

Financbase supports multiple authentication methods to provide secure access to your account while maintaining a smooth user experience.

Supported Methods:

  • Email and password authentication
  • Social login (Google, Microsoft, GitHub)
  • Single Sign-On (SSO) with SAML 2.0
  • Magic link authentication
  • API key authentication for programmatic access

Multi-Factor Authentication (MFA)

Enable MFA to add an extra layer of security to your account. Even if your password is compromised, an attacker still needs your second factor to sign in.

MFA Options:

  • Time-based One-Time Password (TOTP) via authenticator apps
  • SMS-based verification codes
  • Hardware security keys (WebAuthn/FIDO2)
  • Backup codes for account recovery

API Authentication

All API requests require authentication using API keys or OAuth 2.0 tokens. API keys should be kept secure and never exposed in client-side code.

Authorization: Bearer YOUR_API_KEY
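
An added example (not Financbase's own code) of attaching this header from server-side Python, with the key read from the environment rather than embedded in source. The environment variable name, API host and path are hypothetical placeholders, since the page does not specify them.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Hypothetical names: the page gives neither the env var nor the API host.
ENV_VAR = "FINANCBASE_API_KEY"
API_BASE = "https://api.example.invalid"  # placeholder, not a real endpoint


def load_api_key(environ=os.environ):
    """Read the key from the server's environment, never from source code."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    if any(c.isspace() or ord(c) < 0x20 for c in key):
        # Embedded whitespace or control characters would corrupt the header.
        raise ValueError("API key contains whitespace or control characters")
    return key


def redact(key):
    """Return a form of the key that is safe to write to logs."""
    return key[:4] + "..." if len(key) > 8 else "***"


def build_request(path, key, base=API_BASE):
    """Build (but do not send) a request carrying the Bearer header."""
    url = base.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        # A bearer key sent over plain HTTP is readable by anyone on the path.
        raise ValueError("refusing to attach API key to a non-HTTPS URL")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {key}")
    return req


if __name__ == "__main__":
    # Constructed sample key and hypothetical path, for demonstration only.
    demo_env = {ENV_VAR: "fb_test_0123456789abcdef"}
    key = load_api_key(demo_env)
    req = build_request("/v1/ping", key)
    print(req.full_url, "Authorization: Bearer", redact(key))
```
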

Session Management

Financbase implements secure session management with configurable timeout policies and the ability to revoke sessions remotely.

Session Features:

  • Configurable session timeout (default: 24 hours)
  • Remember me functionality with extended sessions
  • Device tracking and management
  • Remote session revocation
  • Session activity logs

Security Best Practices

Follow these best practices to keep your account secure:

  • Enable MFA for all accounts, especially admin accounts
  • Use strong, unique passwords (minimum 12 characters)
  • Rotate API keys regularly (every 90 days recommended)
  • Never share API keys or credentials
  • Review active sessions regularly and revoke unused ones
  • Use IP whitelisting for API access when possible
  • Keep authentication libraries and SDKs up to date