API Security Overview

Before you can use the VikingCloud Portal APIs, you must have a VikingCloud Portal user account that has been provisioned for use of the API(s) that correspond to the products you want to use the API with. For WRM, please send an email to WRMSupport@vikingcloud.com to request read and/or write API access for an existing user account, or new user account. A new user account that is used exclusively for API access is a recommended best-practice.

Authentication

Tokens

All requests to VikingCloud Portal APIs require authentication for requests. As a general rule, unless specified otherwise, VikingCloud Portal APIs support Bearer authentication using JWTs (JSON Web Tokens). All VikingCloud Portal accounts that are enabled for one or more APIs have access to the Token API. The tokens created using the Token API can be used with all VikingCloud Portal API applications.

The following pages will cover how to obtain a token and how tokens should be used in requests to APIs.

Authorization

Because JWTs are issued per user, backend services will use this user to look up the various permissions that the user has. By default, APIs will only allow users with the required permissions to execute that API.

Examples:

• api:wrm:merchant:edit
• api:wrm:merchant:read
• api:wrm:sponsor:edit
• api:wrm:sponsor:read

Since these permissions are provisioned by product support, contact VikingCloud support if you are having difficulty accessing a particular API that you believe you should have access to. For WRM, send an email to: WRMSupport@vikingcloud.com.