Authentication

JWT Bearer token

With each request to the API, we need to send an authorization token. This token is a JWT Bearer token.

The first step in creating JWT tokens is to create a secret key that will be used to sign the tokens. To get one, generate the credentials in the Creatopy App under Team Settings > API credentials. The secret key should be kept private and should not be shared with anyone.

To generate the token, we need a JSON payload that contains the public key. The payload is the data that is encoded in the token. For example, the payload for a request might look like this:

// payload
{
    "clientId": "...publickey...",
    "iat": 1516239022
}

The payload needs to be signed using the secret key. This can be done using a library like jsonwebtoken. The resulting token will be a long string that can be passed to the client.

// payload is the object shown above; secretKey is the secret key
// generated under Team Settings > API credentials.
const jwt = require('jsonwebtoken');
const token = jwt.sign({ payload }, secretKey);

The client will then send the token back to the server with each request. The server can then validate the token by decoding it and checking the signature using the same secret key.
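The sign and validate steps described above, written out with Node's built-in crypto module as an added example (not code from this page or from Creatopy). It assumes HS256, which is what jsonwebtoken uses by default with a string secret; the function names, the sample key and the sample clientId are constructed for illustration.

```javascript
const crypto = require('crypto');

// base64url without padding, as used for JWT segments (Node >= 15.7).
const b64url = (buf) => Buffer.from(buf).toString('base64url');

function hmac(signingInput, secretKey) {
  return crypto.createHmac('sha256', secretKey).update(signingInput).digest();
}

// Build header.payload.signature for the given claims (hypothetical helper).
function signHs256(claims, secretKey) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${body}`;
  return `${signingInput}.${b64url(hmac(signingInput, secretKey))}`;
}

// Returns the claims if the token is well formed, declares HS256 and the
// signature matches; returns null otherwise (hypothetical helper).
function verifyHs256(token, secretKey) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let parsedHeader, claims;
  try {
    parsedHeader = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm: the token must not get to choose it ("none", RS256, ...).
  if (!parsedHeader || parsedHeader.alg !== 'HS256') return null;
  const expected = hmac(`${header}.${body}`, secretKey);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? claims : null;
}

// Constructed sample values, not real credentials.
const SAMPLE_SECRET = 'constructed-secret-key';
const SAMPLE_CLAIMS = { clientId: 'constructed-public-key', iat: 1516239022 };
const sampleToken = signHs256(SAMPLE_CLAIMS, SAMPLE_SECRET);
```

The checks that matter on the validating side are the pinned algorithm and the constant-time signature comparison; a token signed with a different key, or with its payload edited after signing, yields null.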
