Authentication

Authentication can be done in two ways.

API Key

This is the easiest way to authenticate, simply add the x-api-key header with your API Key to your requests.

API Key + JWT Signing

Using JWT adds a degree of complexity but it is strongly recommended to use when you are going to call this API in client-side applications. The JWT Token offers an additional layer of security since it will remain in your source code and will not be sent with requests. You will still need to add the x-api-key to your requests and this time also x-signature. It can be generated as follows:

import (
	"github.com/golang-jwt/jwt/v5"
)

func GenerateSignature(apiKey, jwtKey string) (string, error) {
	claims := jwt.MapClaims{}
	claims["key"] = apiKey
	claims["exp"] = time.Now().Add(time.Second * 15).Unix() // this prevents replay attacks

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	tokenString, err := token.SignedString([]byte(jwtKey))
	if err != nil {
		return "", err
	}

	return tokenString, nil
}

const jwt = require('jsonwebtoken');

function generateSignature(apiKey, jwtKey) {
  const claims = {
    key: apiKey,
    // Set expiration to 15 seconds from now to prevent replay attacks
    exp: Math.floor(Date.now() / 1000) + 15,
  };

  try {
    const tokenString = jwt.sign(claims, jwtKey, { algorithm: 'HS256' });
    return tokenString;
  } catch (err) {
    throw err;
  }
}

The following function requires PyJWT to be installed.

pip install PyJWT

import jwt
import time

def generate_signature(api_key, jwt_key):
    claims = {
        'key': api_key,
        # Set expiration to 15 seconds from now to prevent replay attacks
        'exp': int(time.time()) + 15,
    }

    try:
        token_string = jwt.encode(claims, jwt_key, algorithm='HS256')
        return token_string
    except Exception as error:
        raise error

PreviousFlow 2: Fingerprint Endpoint NextAkamai

Last updated 1 year ago