Access Token Authentication¶
1. JWT Token¶
A JWT token is a time-limited authentication credential that expires after 24 hours. To maintain access, you must request a new token before the current one expires.
1.1. Getting a Token¶
URL endpoint: https://stamps.co.id/api/auth/get-access-token/
Allowed method: POST
Requires authentication:
A. Request¶
You can get a new token by calling the API with the these data
Parameter |
Required |
Description |
|---|---|---|
token |
Yes |
Authentication string |
crm_merchant_id |
Yes |
Merchant ID indicated which merchant will the user access |
Here’s an example of an API call using cURL.
$ curl \
-X POST \
-H "Content-Type: application/json" \
-d '{"token": "23095sgtr95402mkdls954002", "crm_merchant_id": 1}' \
https://stamps.co.id/api/auth/get-access-token/
B. Response¶
Stamps will give you a time limited JWT token that can be used to access our other APIs.
Variable |
Description |
|---|---|
access_token |
Token that can be used to access Stamps APIs. |
Example of access token is below:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjU3MzMyNjE2LCJpYXQiOjE2NTcyNDYyMTYsImp0aSI6IjRlYWRjNDAxNGQwZDRkNzc4NjkxYjg0ZDU3MGE2ZGFmIiwidXNlcl9pZCI6NTg3MCwibWVyY2hhbnRfaWQiOjF9.b_TiGJEO7mKMT0BFTrF9VjPHjoGrt5Be8FPSgvn-4bY
You can use jwt.io to debug the above token with secret
TESTJWTYou can then use this token as your authorization header as:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjU3MzMyNjE2LCJpYXQiOjE2NTcyNDYyMTYsImp0aSI6IjRlYWRjNDAxNGQwZDRkNzc4NjkxYjg0ZDU3MGE2ZGFmIiwidXNlcl9pZCI6NTg3MCwibWVyY2hhbnRfaWQiOjF9.b_TiGJEO7mKMT0BFTrF9VjPHjoGrt5Be8FPSgvn-4bY
1.2. Access Token Verification¶
URL endpoint: https://stamps.co.id/api/auth/verify-token/
Allowed method: POST
Requires authentication: Yes
You can verify whether your access token is valid via this API end point.
A. Request¶
You can verify a token by calling the API with this header
Parameter |
Required |
Description |
|---|---|---|
Authorization |
Yes |
JWT Bearer token |
Here’s an example of an API call using cURL.
$ curl \
-X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjU3MzMyNjE2LCJpYXQiOjE2NTcyNDYyMTYsImp0aSI6IjRlYWRjNDAxNGQwZDRkNzc4NjkxYjg0ZDU3MGE2ZGFmIiwidXNlcl9pZCI6NTg3MCwibWVyY2hhbnRfaWQiOjF9.b_TiGJEO7mKMT0BFTrF9VjPHjoGrt5Be8FPSgvn-4bY" \
https://stamps.co.id/api/auth/verify-token/
B. Response¶
This will return the payload of JWT Token:
{
"token_type": "access",
"exp": 1657332616,
"iat": 1657246216,
"jti": "4eadc4014d0d4d778691b84d570a6daf",
"user_id": 5870,
"merchant_id": 1
}
2. Static Token¶
A static token is a permanent authentication credential that never expires. Simply include the static token in the Authorization header of your API requests.
Here’s an example of an API call using cURL.
curl --request POST \
--url https://stamps.co.id/api/ping \
--header 'Authorization: Token <token>' \
--header 'content-type: application/json'