Using the VikingCloud JWT Token
Once a user has obtained a JWT, that JWT should be included in requests to our product APIs.
Sending the Token in API Requests
In the Token API response body, you will find a field called the idToken
. This JWT should be passed in all requests to our APIs in the Authorization header, prefixed with the word "Bearer ".
See the below diagram and sample requests for a demonstration of obtaining a token and using it for authenticating API requests
Authentication Workflow
Example requests
The following is a set of example requests using cURL:
Step 1: Exchange credentials for token response
- Payload
- curl
- Python
- Node.js
application/json
{- "username": "john@doe.com",
- "password": "foobar"
}
returns
{
"accessToken": "ey...",
"expiresIn": 3600,
"idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"refreshToken": "ey...",
"tokenType": "Bearer"
}
Step 2: Use idToken value in Authorization header
curl -i -X GET \
'https://api.vikingcloud.com/wrm/v1/sponsors?sponsorId=0' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
How long can I use the same JWT?
JWTs can be used until their expiration time. See Authentication Overview for more information on how to determine a token's expiration time