Using the VikingCloud JWT Token

Once a user has obtained a JWT, that JWT should be included in requests to our product APIs.

Sending the Token in API Requests

In the Token API response body, you will find a field called the idToken. This JWT should be passed in all requests to our APIs in the Authorization header, prefixed with the word "Bearer ".

See the below diagram and sample requests for a demonstration of obtaining a token and using it for authenticating API requests

Authentication Workflow

Simple Authentication Example

Example requests

The following is a set of example requests using cURL:

Step 1: Exchange credentials for token response

application/json
{
  • "username": "john@doe.com",
  • "password": "foobar"
}

returns

Copy
Copied
{
"accessToken": "ey...",
"expiresIn": 3600,
"idToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"refreshToken": "ey...",
"tokenType": "Bearer"
}

Step 2: Use idToken value in Authorization header

Copy
Copied
curl -i -X GET \
  'https://api.vikingcloud.com/wrm/v1/sponsors?sponsorId=0' \
   --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
How long can I use the same JWT?

JWTs can be used until their expiration time. See Authentication Overview for more information on how to determine a token's expiration time