Authentication
All Partner API requests require JWT (JSON Web Token) authentication. This guide explains how to generate and use authentication tokens.
JWT Token Structure
Your JWT token must include:
- clientId - Your unique partner client identifier
- iat - Issued at timestamp (current Unix time)
- exp - Expiration timestamp (typically 15 minutes from now)
Generating JWT Tokens
Node.js Example
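const jwt = require("jsonwebtoken");

// Build a short-lived token carrying the partner clientId.
function generateToken(clientId, secretKey) {
  const now = Math.floor(Date.now() / 1000); // Unix time in seconds, not milliseconds
  const payload = {
    clientId: clientId,
    iat: now,
    exp: now + 900, // 15 minutes expiration
  };
  // HS256 is the jsonwebtoken default for a shared secret; it is stated explicitly here.
  return jwt.sign(payload, secretKey, { algorithm: "HS256" });
}

// Usage
const token = generateToken("your-client-id", "your-secret-key");
console.log("JWT Token:", token);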
Python Example
import jwt  # PyJWT
import time


def generate_token(client_id, secret_key):
    now = int(time.time())  # Unix time in seconds
    payload = {
        "clientId": client_id,
        "iat": now,
        "exp": now + 900,  # 15 minutes expiration
    }
    return jwt.encode(payload, secret_key, algorithm="HS256")


# Usage
token = generate_token("your-client-id", "your-secret-key")
print("JWT Token:", token)
cURL Example
# First, generate the token using your preferred method
# Then use it in requests:
curl -X GET {{BASE_URL}}/portfolio \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
Using Tokens in Requests
Include your JWT token in the Authorization header of every API request:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Complete Request Example
const axios = require("axios");
const jwt = require("jsonwebtoken");

const clientId = "your-client-id";
const secretKey = "your-secret-key";

// await is not allowed at the top level of a CommonJS module, so wrap the call.
async function main() {
  // Generate token
  const now = Math.floor(Date.now() / 1000);
  const token = jwt.sign(
    {
      clientId: clientId,
      iat: now,
      exp: now + 900,
    },
    secretKey,
  );

  // Make authenticated request
  const response = await axios.get(
    "{{BASE_URL}}/portfolio",
    {
      headers: {
        Authorization: `Bearer ${token}`,
        "Content-Type": "application/json",
      },
    },
  );
  console.log(response.data);
}

// Log only the message: the full axios error object includes the Authorization header.
main().catch((error) => console.error(error.message));
Token Expiration
Tokens expire after 15 minutes (self-defined). When a token expires:
- The API will return a 401 Unauthorized response
- You must generate a new token
- Implement token refresh logic in your application
Handling Token Expiration
// Relies on axios, generateToken, clientId and secretKey from the examples above.
async function makeAuthenticatedRequest(url, method = "GET", data = null) {
  // Build the request config with a freshly generated token.
  const buildConfig = () => {
    const config = {
      method,
      url,
      headers: {
        Authorization: `Bearer ${generateToken(clientId, secretKey)}`,
        "Content-Type": "application/json",
      },
    };
    if (data) config.data = data;
    return config;
  };

  try {
    return await axios(buildConfig());
  } catch (error) {
    if (error.response?.status === 401) {
      // Token expired, generate new one and retry once
      return await axios(buildConfig());
    }
    throw error;
  }
}
Security Best Practices
- Never expose your secret key - Keep it secure and never commit it to version control
- Use environment variables - Store credentials in environment variables
- Rotate credentials regularly - Change your secret key periodically
- Use HTTPS only - Always use HTTPS for API requests
Troubleshooting
"Invalid Token" Error
- Verify your clientId matches your credentials
- Check that your secret key is correct
- Ensure the token hasn't expired
- Verify the token is properly formatted in the Authorization header
"Token Expired" Error
- Generate a new token
- Implement automatic token refresh in your application
- Check your server's time synchronization
"Unauthorized" Response
- Confirm your credentials are correct
- Verify the Authorization header is properly formatted
- Check that you're using the correct environment URL
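The troubleshooting checks above can be run locally before a request is sent. The following is an added example, not part of the Partner API or its SDKs: it uses only Node's built-in crypto module instead of jsonwebtoken, the function names signToken and diagnoseToken are hypothetical, and the client ID and secret are constructed sample values.

```javascript
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Build an HS256 token by hand so the example needs no third-party package.
function signToken(payload, secretKey) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secretKey).update(`${header}.${body}`).digest();
  return `${header}.${body}.${b64url(sig)}`;
}

// Returns a list of problems; an empty list means every local check passed.
function diagnoseToken(token, secretKey, expectedClientId, now = Math.floor(Date.now() / 1000)) {
  const parts = token.replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) return ["malformed: expected header.payload.signature"];
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    if (header === null || payload === null) throw new Error("null segment");
  } catch {
    return ["malformed: header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (header.alg !== "HS256") problems.push(`unexpected alg: ${header.alg}`);
  const expected = crypto.createHmac("sha256", secretKey).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time comparison; timingSafeEqual throws on a length mismatch, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    problems.push("bad signature: wrong secret key or altered token");
  }
  if (payload.clientId !== expectedClientId) problems.push("clientId mismatch");
  if (!Number.isInteger(payload.iat) || !Number.isInteger(payload.exp)) {
    problems.push("iat/exp must be integer Unix seconds");
  } else {
    if (payload.exp <= now) problems.push("expired");
    if (payload.iat > now) problems.push("iat in the future: check clock synchronization");
  }
  return problems;
}

// Constructed sample values, not real credentials.
const sample = signToken({ clientId: "demo-client", iat: 1700000000, exp: 1700000900 }, "constructed-secret");
console.log(diagnoseToken(sample, "constructed-secret", "demo-client", 1700000901));
```

A token built with Date.now() in milliseconds rather than seconds shows up here as "iat in the future".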