User authentication and authorization are both secure and easy with the Pentadata API. We use the industry-standard JWT to authorize every API request.
Cheatsheet
- Request a valid JWT: POST /subscribers/login
- Use the JWT in the headers: curl -H "Authorization: Bearer $JWT"
Retrieve a Token
To retrieve a valid token, use the following endpoint:
POST /subscribers/login
with a JSON body composed of email and api_key.
The API will respond with a token, and its expiration timestamp in UTC. It will also give you a “refresh_token” and its expiration timestamp.
- When the token expires, use the refresh token to get a new one (see next section).
- When the refresh token expires too, then you have to log in again with email and api_key.
Refresh Token
The idea is that you can get a new token without sending your email and api_key every time, since they are more sensitive than a token. When the token expires, just send a request to
POST /subscribers/refresh -H 'Authorization: Bearer <refreshJWT>'
If the “refresh token” has expired too, then you must log in again. All tokens expire for security reasons.
Use the JWT
Once you have got a valid JWT, which means you have been both authenticated and authorized, you must use it in the headers of every request you send. The headers of your requests should always be:
-H 'Content-Type: application/json' -H "Authorization: Bearer $JWT"
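The token lifecycle described above (use the JWT until it expires, then refresh, then fall back to a full login) can be handled by a small client-side helper. This is an added example, not Pentadata's own code: the response field names token_expiration and refresh_token_expiration, the epoch-seconds timestamp format, and the fake transport are assumptions made so it runs offline.

```python
import time
SKEW = 30  # seconds of margin so a token is never sent right at its expiry

class TokenManager:
    """Keeps a usable JWT; email/api_key are sent only when no refresh is possible."""
    def __init__(self, post, email, api_key, now=time.time):
        self._post = post  # post(path, headers, body) -> dict (assumed transport)
        self._email, self._api_key, self._now = email, api_key, now
        self._token = self._refresh = None
        self._token_exp = self._refresh_exp = 0.0

    def _store(self, resp):
        # Expiration field names are assumptions; the page only names the tokens.
        self._token, self._token_exp = resp["token"], resp["token_expiration"]
        if "refresh_token" in resp:  # keep the old refresh token otherwise
            self._refresh = resp["refresh_token"]
            self._refresh_exp = resp["refresh_token_expiration"]

    def _alive(self, exp):
        return self._now() < exp - SKEW

    def token(self):
        if self._token and self._alive(self._token_exp):
            return self._token
        if self._refresh and self._alive(self._refresh_exp):
            # Token expired, refresh token still valid: no credentials on the wire
            self._store(self._post("/subscribers/refresh",
                                   {"Authorization": f"Bearer {self._refresh}"}, None))
        else:
            # Both expired (or first use): log in again with email and api_key
            self._store(self._post("/subscribers/login",
                                   {"Content-Type": "application/json"},
                                   {"email": self._email, "api_key": self._api_key}))
        return self._token

    def headers(self):
        return {"Content-Type": "application/json",
                "Authorization": f"Bearer {self.token()}"}

def make_fake_post(clock, access_ttl=600, refresh_ttl=3600):
    """Constructed stand-in for the HTTP layer; records which paths were called."""
    def post(path, headers, body):
        post.calls.append(path)
        n = len(post.calls)
        resp = {"token": f"access-{n}", "token_expiration": clock() + access_ttl}
        if path == "/subscribers/login":
            resp.update(refresh_token=f"refresh-{n}",
                        refresh_token_expiration=clock() + refresh_ttl)
        return resp
    post.calls = []
    return post
```

To use it against the real API, replace the fake transport with a function that sends the request to your Pentadata base URL and returns the parsed JSON body.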