ACCESSTRADE-Support

How do I authenticate publisher API requests?

Authentication

Authenticating ACCESSTRADE publisher API requests involves the JWT(JSON Web Tokens) specification.The authorization HTTP header must be specified with a bearer JWT which consists of 1 JWT header property - alg, and 2 JWT claims - sub and iat. The JWT has to be signed with the “secretKey” returned in the User Provisioning API response.

• alg: the encryption algorithm must be set to HS256
• sub: the “userUid” returned in the User Provisioning API response
• iat: an epoch time in seconds, generated on the client side

JWT Sample

• JWT Header

{
    "alg":"HS256"
}

• JWT Payload

{
   "sub":"myUserUid",
   "iat":1477204353
}

Required Http Request Headers for API Authentication

• Authorization: Bearer
• X-Accesstrade-User-Type: publisher