Authentication
Authentication can be done in two ways.
API Key
This is the easiest way to authenticate, simply add the x-api-key header with your API Key to your requests.
API Key + JWT Signing
Using JWT adds a degree of complexity but it is strongly recommended to use when you are going to call this API in client-side applications.
The JWT Token offers an additional layer of security since it will remain in your source code and will not be sent with requests.
You will still need to add the x-api-key to your requests and this time also x-signature. It can be generated as follows:
import (
"github.com/golang-jwt/jwt/v5"
)
func GenerateSignature(apiKey, jwtKey string) (string, error) {
claims := jwt.MapClaims{}
claims["key"] = apiKey
claims["exp"] = time.Now().Add(time.Second * 15).Unix() // this prevents replay attacks
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString([]byte(jwtKey))
if err != nil {
return "", err
}
return tokenString, nil
}const jwt = require('jsonwebtoken');
function generateSignature(apiKey, jwtKey) {
const claims = {
key: apiKey,
// Set expiration to 15 seconds from now to prevent replay attacks
exp: Math.floor(Date.now() / 1000) + 15,
};
try {
const tokenString = jwt.sign(claims, jwtKey, { algorithm: 'HS256' });
return tokenString;
} catch (err) {
throw err;
}
}
The following function requires PyJWT to be installed.
pip install PyJWTimport jwt
import time
def generate_signature(api_key, jwt_key):
claims = {
'key': api_key,
# Set expiration to 15 seconds from now to prevent replay attacks
'exp': int(time.time()) + 15,
}
try:
token_string = jwt.encode(claims, jwt_key, algorithm='HS256')
return token_string
except Exception as error:
raise error
Last updated