Authentication
The API requires a Bearer authentication header. We recommend signing a short-lived JWT token on your client.
JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within them, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
You can use any JWT library that is capable of generating, signing and encoding a token. You received the following credentials from TapRaise:
- Account email address
- Private key ID
- Private key (PKCS8)
Please securely store the private key data, as it grants access to your data.
Use the header and claims as described below to create a JWT that is accepted by the API.
Header
- kid (key id): Which key was used for the signature; use the private key ID as provided.
- alg (algorithm): Algorithm used for the signature, always RS256.
Custom claims
- email (email address): The account email address as provided.
Reserved claims
- iss (issuer): Issuer of the JWT, also the account email address as provided.
- iat (issued at time): Time at which the JWT was issued; can be used to determine the age of the JWT.
- exp (expiration time): Time after which the JWT expires.
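The header and claims above, assembled and signed with Node's built-in crypto module, plus a local check of the result. This is an added example, not TapRaise's code; the function names, the 5-minute lifetime, the sample email and key ID, and the generated stand-in key pair are assumptions.

```javascript
// Added example (not TapRaise code): uses only Node's built-in crypto module.
const { sign, verify, generateKeyPairSync } = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Build and sign the token. ttlSeconds is an assumed lifetime (5 minutes);
// the page only asks for a short-lived token.
function createApiToken({ email, keyId, privateKeyPem, ttlSeconds = 300, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', kid: keyId };
  const claims = { email, iss: email, iat, exp: iat + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // RS256 is RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<claims>".
  const signature = sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Hypothetical local self-check before sending: pins alg, verifies the
// signature against the matching public key, and rejects expired tokens.
function verifyApiToken(token, publicKeyPem, now = Date.now()) {
  const [h, c, s] = token.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const valid = verify('sha256', Buffer.from(`${h}.${c}`), publicKeyPem, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
  if (claims.exp <= Math.floor(now / 1000)) throw new Error('token expired');
  return { header, claims };
}

// Constructed throwaway key pair standing in for the PKCS8 key you received.
const { privateKey, publicKey } = generateKeyPairSync('rsa', {
  modulusLength: 2048,
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
});

const token = createApiToken({
  email: 'user@example.com', // constructed account email
  keyId: 'example-key-id',   // constructed private key ID
  privateKeyPem: privateKey,
});
const { claims } = verifyApiToken(token, publicKey);
console.log('Authorization: Bearer ' + token.slice(0, 32) + '...');
console.log('expires in', claims.exp - claims.iat, 'seconds');
```

In real use, load the private key from a secret store or a file with restricted permissions rather than generating one, and sign a fresh token shortly before each request.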
Creating a JWT with
- Introduction to JWTs
- Libraries
- CLI tool to decode and encode JWTs
- Other examples