This article will walk you through the process of authenticating against our API using JSON Web Token. JWT is a secure and compact method for exchanging claims between two parties and is commonly used for API authentication due to its simplicity and scalability. By following this guide, you will learn how to obtain and utilize JWT tokens to access protected resources within Shopery's API.
Before you begin, make sure you meet the following prerequisites:
- Basic understanding of APIs and HTTPS protocols.
- Access to Mustang, including a valid account and username/password combination.
- A programming language or tool capable of making HTTP requests (e.g., cURL, Postman, etc.).
Authentication Process:
Step 1: Obtain JWT Token
To authenticate against our API, you need to obtain a valid JWT token. This involves making an initial request to the authentication endpoint with your credentials.
Step 2: Make an Authentication Request
Using your preferred method for making HTTP requests, create a request to the API's authentication endpoint. This endpoint requires a payload with your username and password, along with a special header called x-tenant-id.
Example cURL request:
curl -X POST \
-H "Content-Type: application/json" \
-H "x-tenant-id: your_tenant_id" \
-d '{"loginId":"your_username","password":"your_password"}' \
https://api.shopery.app/login
Regarding TENANT_ID
The TENANT_ID will be provided by Shopery.
Step 3: Handle the Authentication Response
Upon a successful authentication request, Shopery's API will respond with a JSON object containing the JWT token. Extract the token from the response and securely store it. Here is an example response:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE2MzA0MTA1NTQsImV4cCI6MTYzMDQxNDE1NCwiY2xpZW50SWQiOiIzZDhmNmRkNS01ZmU5LTQ4ZjYtYWYzYy01NzNiMzU5NDU5MTEifQ.wnbvUK3jSUtQ4Cm9D9TvBiOxTWE2_Q13E5oW6z4Qb_1szgcBV5LVeeUxRVJfyi_QwJYU-3fhtOJEuCi3aDZVl0atQJqSYj6ZD9Ttuv4HH0IM1chAo1OKsJwZypOcyW66MERUd55AOy8aXGGzsaYe59-X2qKOJOdv9uKctf6LcWHKAC8J3z9vI9zu0XGgg9sA_rYYmwPNLHfGlUbcRELOMZENHtcB3_CfX-JZ191ktlF5iidD__qAXEEJ6e6dRxmv-XdxTJjtGqvx1sYSRYzGvI9N8B3K80qj1AzmSWkxTjwJLYMiHGK98bkDnAN8a3ASSkoOk3F6LfjEprw7ketTXg",
"refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE2MzQ3NDI3NzIsImV4cCI6MTYzNzMzNDc3MiwiaWQiOiJyZnRfMDFGSkY0NjhETTY3SzJFUlBBNzg4N0paOEIiLCJjbGllbnRJZCI6InVzcl8wMUZHOFdBUE5NVEJZVkQyMkMwRENRQjdZMyIsImNoYWluRXhwIjoxNjY2Mjc4NzcyLCJjaGFpbklkIjoicmZ0Y2hfMDFGSkY0NjhETTY3SzJFUlBBNzg4N0paOEMifQ.zlT1_xU3x7rODHTeq1f8J8LXLaE2VBJSIre4EG6SkVJbazeR3_a4jibB2rAM8wCE5OYCz5kAcKe2zBI-eosvD5GPlkN59i4xdia74IxDMaIb4e5QgUr8_7CFTSkDIaxkgYDEuZxEbp81W3DwM-caLvIoF637tPueGSahT7h_4lLgNa5o8xxlffnWZHXoUOD2IF7giJw-wIk0p4_PWlLXGDpb30TtIMs-aNmJV4caB51Js4CyukDAnwUvTcGBAidkyGUEdtBggjJt0tlFN_w10670Ya4cAXtWfyZ2tgNo1e-q0TD-mdXFmLHd4syZc7J-x2XBlH5ZOKfS0p9NKhkWGA"
}Save the value of the token for future API requests.
Step 4: Include the JWT Token in API Requests
For each subsequent request to Shopery API's protected resources, include the JWT token in the Authorization header using the Bearer scheme. Here is an example cURL request:
curl -X GET \
-H "Authorization: Bearer your_jwt_token" \
-H "x-tenant-id: your_tenant_id" \
https://api.shopery.app/carts
Replace your_jwt_token with the actual JWT token you obtained earlier.
Step 5: Verify Token Expiration
JWT tokens typically have an expiration time defined. Before making an API request, check the token's expiration date to ensure continued access. If the token has expired, repeat the authentication process to obtain a fresh token.
🚨 Following the steps outlined in this guide, you can authenticate against an API using JWT tokens. Remember to handle and store the token securely to prevent unauthorized access. For specific details on the authentication endpoint, payload format, and any additional requirements, refer to the API documentation. If you encounter any issues during the authentication process, please don't hesitate to contact us.
