REST API calls must be authenticated using a custom HTTP header: X-STRINGEE-AUTH or URL Parameter: access_token along with a JSON web token.
HEADER:
{
"typ": "JWT",
"alg": "HS256",// only support HS256
"cty": "stringee-api;v=1"
}
PAYLOAD:
{
"jti": "SK...-...",//JWT ID
"iss": "SK...",//API key sid
"exp": ...,//expiration time
"rest_api": true
}
VERIFY SIGNATURE:
HMACSHA256(
base64UrlEncode(HEADER) + "." +
base64UrlEncode(PAYLOAD),
apiKeySecret
)
The values:
iss: API key SID generated by Stringee
jti: the identify of the token, can be generated by: apiKeySid_timestamp
exp: the expired time of the token (in second)
apiKeySecret: API key secret generated by Stringee
POST /v1/call HTTP/1.1
Host: https://api.stringee.com
X-STRINGEE-AUTH: YOUR_ACCESS_TOKEN
Accept: application/json
{
...
}
POST /v1/call?access_token=YOUR_ACCESS_TOKEN HTTP/1.1
Host: https://api.stringee.com
Accept: application/json
{
...
}