Using the VikingCloud JWT Token
Once a user has obtained a JWT, that JWT should be included in requests to our product APIs.
Sending the Token in API Requests
In the Token API response body, you will find a field called the idToken. This JWT should be passed in all requests to our APIs in the Authorization header, prefixed with the word "Bearer ".
See the below diagram and sample requests for a demonstration of obtaining a token and using it for authenticating API requests
Authentication Workflow
Example requests
The following is a set of example requests using cURL:
Step 1: Exchange credentials for token response
- Payload
- curl
- Python
- Node.js
application/json
{- "username": "john@doe.com",
- "password": "foobar"
}returns
{
"accessToken": "ey...",
"expiresIn": 3600,
"idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"refreshToken": "ey...",
"tokenType": "Bearer"
}Step 2: Use idToken value in Authorization header
curl -i -X GET \
'https://api.vikingcloud.com/wrm/v1/sponsors?sponsorId=0' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'How long can I use the same JWT?
JWTs can be used until their expiration time. See Authentication Overview for more information on how to determine a token's expiration time