
Using a JSON Web Token

Chris edited this page Nov 6, 2019 · 13 revisions

An alternative to using your public key is to use a JSON Web Token (JWT). JWTs have a distinct advantage over public-key authentication because they are limited in scope and have a limited duration. They also remove the need to send your API keys to the client, even when a secret key is required for the desired operation.

Getting a JWT

RevOps has a secure endpoint, https://vault.revops.io/token?accountId=, for generating JWTs. You may use either your public or private key. JWTs produced using the public key have a more restricted scope and do not support updating existing resources.

$> curl 'https://vault.revops.io/token?accountId=*' \
        -H 'Authorization: Bearer pk_sandbox_<your_api_key>' \
        -H 'Content-type: application/json'

Example token grant

{
  "access_token": "(a base64 JWT encoding)",
  "scope": "accounts:list:put accounts:list:post",
  "expires_in": 86400,
  "token_type": "Bearer"
}

The access_token can be provided directly to the revops.js components or be fetched when needed, using a callback to an authentication server. The Build an Auth Server example is helpful for learning how to use a callback to get a new token.
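
The server-side half of the callback approach, as an added example (not RevOps code and not part of the original page): it checks a grant's token_type, expires_in and scope before caching it per account, and returns only the access_token. fetchGrant, EXPECTED_SCOPES and the 60-second refresh margin are assumptions made for illustration.

```javascript
// Added example, not RevOps code. Runs on your auth server; the API key never leaves it.

// Scopes this integration expects (constructed from the sample grant on this page).
const EXPECTED_SCOPES = new Set(["accounts:list:put", "accounts:list:post"]);

// Validate a token grant and compute when to stop reusing it.
// Returns { token, scopes, expiresAt } or throws if the grant is malformed or over-scoped.
function acceptGrant(grant, allowedScopes, nowMs, skewSeconds = 60) {
  if (!grant || typeof grant.access_token !== "string" || grant.access_token === "") {
    throw new Error("grant has no access_token");
  }
  if (String(grant.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type: " + grant.token_type);
  }
  if (!Number.isFinite(grant.expires_in) || grant.expires_in <= 0) {
    throw new Error("invalid expires_in");
  }
  const scopes = String(grant.scope || "").split(/\s+/).filter(Boolean);
  const extra = scopes.filter((s) => !allowedScopes.has(s));
  if (extra.length > 0) {
    // A grant made with the private key can carry more scope than the browser needs.
    throw new Error("grant exceeds expected scope: " + extra.join(" "));
  }
  // Refresh slightly early so the browser never receives a token about to expire.
  const expiresAt = nowMs + (grant.expires_in - skewSeconds) * 1000;
  return { token: grant.access_token, scopes, expiresAt };
}

// Per-account cache. fetchGrant(accountId) is a hypothetical async function that
// performs the token request shown above and resolves to the parsed JSON grant.
function createTokenCache(fetchGrant, allowedScopes, now = Date.now) {
  const cache = new Map(); // accountId -> accepted grant
  return async function getAccessToken(accountId) {
    const hit = cache.get(accountId);
    if (hit && now() < hit.expiresAt) return hit.token;
    const entry = acceptGrant(await fetchGrant(accountId), allowedScopes, now());
    cache.set(accountId, entry);
    return entry.token; // only this value is returned to the browser
  };
}
```

Keying the cache by account keeps a token issued for one accountId from being handed out for another.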
