GET
/v2/authGet Session Token
Obtain a SessionToken for all secured endpoints. Send header X-AUTH-TOKEN: a JWT signed with your client secret (HS256) using this payload:
{
"ClientID": "YOUR_CLIENT_ID",
"iat": CURRENT_TIMESTAMP,
"exp": CURRENT_TIMESTAMP + 30 * 60 * 60 * 24
}Headers
| Field | Type | Required | Possible values | Description |
|---|---|---|---|---|
X-AUTH-TOKEN | string | Required | Bearer {JWT_TOKEN} | Client JWT for authentication (HS256). Payload must include ClientID, iat (issued at), and exp (expiry). |
Response
| Field | Type | Possible values | Description |
|---|---|---|---|
ResponseCode | integer | 200 | 201 | 204 | 400 | 401 | 403 | 404 | 410 | 422 | 500 | 301 | 503 | 422 | API result code in the response envelope. Indicates success or the error category (e.g. 200 success, 400 bad request, 401 unauthorized). |
ResponseMessage | string | Success | Created | NoContent | BadRequest | Unauthorized | Forbidden | NotFound | Gone | UnprocessableContent | ServerError | ResourceMoved | ServiceUnAvailable | UnProcessableEntity | Human-readable label paired with ResponseCode (e.g. Success, BadRequest, Unauthorized). Use with ResponseCode to interpret the outcome. |
ResponseData | object | Please refer to below example for response body | Session token to authenticate secured endpoints. Valid for 15 minutes. |
Example response
{
"ResponseCode": 200,
"ResponseMessage": "Success",
"ResponseData": {
"SessionToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJDbGllbnRJRCI6ImRlY2EzNWZkLTMzMGItNDA2My04ZmRhLWZjMGQxYjYxMDcyYyIsImlhdCI6MTYzNzgzNjg4MiwiZXhwIjoxNjM3ODM3NzgyfQ.9c97iKdf-IAdvVz7O_QvjB-zL7e4OQAEukBCD3qXIa8"
}
}SessionToken returned from the API is valid for 15 minutes.
The x-refresh-token header will be present in the other endpoints before 2 minutes of the current token expiry, the same can be replaced with existing one.
Note that calls to the secured endpoints requires the same IP address that was used to obtain the session token.