In order to retrieve a session Token token, you have to build a valid initializationToken
using your apiSignature
.
It should be signed with you apiSignature, available in your backoffice. It will only work one time.
Note: A list of jwt librabry is avaivalable here.
Token can be verified on https://jwt.io
PHP sample :
//composer require firebase/php-jwt
<?php
use \Firebase\JWT\JWT;
$signature = "monApiSignature";
$criteria=array(
"amount" => 100, // Amount to convert
"cp" => "75000", // User's zipcode
"age" => 40, // User's age
"gender" => "M", // User's gender (M ou F)
"userId" => "u-1234", // User's unique ID
"iat" => time(), // Timestamp in seconds
"notificationKey" => "12345" // A key generate by you allowing to identify transaction
);
$jwt = JWT::encode($criteria, $signature);
?>
Ruby sample :
# sudo gem install jwt
require 'jwt'
signature = "monApiSignature"
criteria = Hash.new
criteria["amount"] = 100 # Amount to convert
criteria["cp"] = "75000" # User's zipcode
criteria["age"] = 40 # User's age
criteria["gender"] = "M" # User's gender (M ou F)
criteria["userId"] = "u-1234" # User's unique ID
criteria["iat"] = Time.now.to_i # Timestamp in seconds
criteria["notificationKey"] = "12345" # A key generate by you allowing to identify transaction
token = JWT.encode criteria, signature, 'HS256'
Node.js sample :
/*
npm install --save jsonwebtoken
*/
var jwt=require('jsonwebtoken');
var signature = "myApiSignature";
var criteria={
amount: 100, // Amount to convert
cp: "75000", // User's zipcode
age: 40, // User's age
gender: "M", // User's gender (M ou F)
userId: "u-1234", // User's unique ID
iat: Math.round(Date.now()/1000), // Timestamp in seconds
notificationKey: "12345" // A key generate by you allowing to identify transaction
};
var token=jwt.sign(criteria,signature);
In order to perform that all our endpoint work with a token authentication connected with a user session.
That sessionToken
will allow you to perfom all actions on our API.
You can retrieve a sessionToken
using our /token
endpoint which is describe here.
This endpoint use your account apiKey
to authenticate you has a platform.
We hardly recommend you to keep this session creation request on your backend to prevent your apiKey
to be accessible to third parties.