Authentication uses Json Web Tokens (JWT) for authentication.

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Using JWT means it is easier to use the API as there are no network calls required in order to get an access token.

Generating the JWT

  • To generate the JWT token you will need your project key.
  • To sign the token you will need your project secret.

Recall that you can retrieve both your project key and project secret by logging into the developer's portal.

The JWT header expects JWT to use the HS256 algorithm. Make sure that your JWT header looks like this:

    "typ": "JWT",
    "alg": "HS256"

The JWT payload

The payload used to generate the JWT must specify your project key as the token issuer (the payload attribute name is iss). For a project with the key a36c3049b36249a3c9f8891cb127243c then the payload would like:

    "iss": "a36c3049b36249a3c9f8891cb127243c"

Signing the JWT

You can sign the token with your project secret. The subsequent token that is generated might look something like:


Note that you can add additional claims.

Making the request

  • To make an authenticated request to you will need to give your project id as part of the request URL. The project id can be retrieved by logging into the developer's portal.
  • You will also need to pass the generated JWT in the request header. An example request using curl might look like this:
curl{project_id} \
     -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhMzZjMzA0OWIzNjI0OWEzYzlmODg5MWNiMTI3MjQzYyIsImV4cCI6MTQ0MjQzMDA1NCwibmJmIjoxNDQyNDI2NDU0LCJpYXQiOjE0NDI0MjY0NTR9.AhumfY35GFLuEEjrOXiaADo7Ae6gt_8VLwX7qffhQN4'

You can refer to our example implementation in Java.

Libraries for generating JWT

  • There are many libraries available for generating JWTs programatically.
  • Take a look here for a list of different libraries across various programming languages.