Token Generation

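You need an API KEY and an API SECRET to generate a bearer token. OpenAPI uses a JWT to authenticate each API request. The token is signed with HS256 (HMAC-SHA256), not encrypted: the header and body are only BASE64 encoded and can be read by anyone who holds the token.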

Sample Token

TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXJ0bmVySUQiOiJjaGVsc2VhIiwiQWNjb3VudE51bWJlciI6IjA4MTMzOTM3MjM4OSIsIlByb2R1Y3RDb2RlIjoiUFJFUEFJRCJ9.s8hfKYCJzTm17gydB5zaOd0Mc2MWT/qXyacdWCWBpBQ

In the above example, the token is broken down into three parts:

header: header payload in JSON format, BASE64 encoded
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

body: body payload in JSON format, BASE64 encoded
    eyJQYXJ0bmVySUQiOiJjaGVsc2VhIiwiQWNjb3VudE51bWJlciI6IjA4MTMzOTM3MjM4OSIsIlByb2R1Y3RDb2RlIjoiUFJFUEFJRCJ9

bearer: combination of header part and body part, signed using HS256 with the API Secret as the key
    s8hfKYCJzTm17gydB5zaOd0Mc2MWT/qXyacdWCWBpBQ

These three parts are then joined with '.' to form the API token.

The Header part of the TOKEN specifies the signing algorithm (HS256) and the token type (JWT). It is the same for all API requests for that version, and it becomes the first part of the token.


Base64 encode the Header

echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | tr -d '=\n' | tr '+/' '-_'

The body part of the payload depends on the API end_point being called. Details on the different end_points and their payloads are defined in the sections below.

Sample Body Payload

{
  "partnerId": "AG7745",
  "AccountNumber": "081211111111",
  "ProductCode": "PUTK10"
}

Base64 encode the Body Payload

echo -n '{"partnerId":"AG7745","AccountNumber":"081211111111","ProductCode":"PUTK10"}' | base64 | tr -d '=\n' | tr '+/' '-_'

The bearer is created by applying HS256 (HMAC-SHA256) to the header and body BASE64 strings, joined with '.', using the api_secret as the key. Only header.body is signed; the bearer itself is never part of the input.

Sample Bearer

echo -n 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXJ0bmVySUQiOiJjaGVsc2VhIiwiQWNjb3VudE51bWJlciI6IjA4MTMzOTM3MjM4OSIsIlByb2R1Y3RDb2RlIjoiUFJFUEFJRCJ9' | openssl dgst -sha256 -hmac secret_key -binary | openssl base64 -e -A | tr -d '=\n' | tr '+/' '-_'

Go to JWT and verify the JWT token, including the signature
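
The steps above combined into one script that builds the token and checks its signature locally, so the API secret never leaves the machine. This is an added example, not code from the original documentation; the function names and the secret value are assumptions, and the body is the sample payload from this page.

```shell
#!/bin/sh
# Added example: build and locally verify an HS256 JWT with openssl.
# Function names and the secret below are assumptions for illustration.

# base64url: Base64 with '+/' mapped to '-_', no '=' padding, no newlines.
b64url() { openssl base64 -e -A | tr -d '=\n' | tr '+/' '-_'; }

# HMAC-SHA256 over "header.body" with the API secret as the key.
# Note: -hmac puts the secret in the process arguments, which other local
# users may be able to see; run this only on a host you control.
sign() {  # $1 = secret, $2 = signing input
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" -binary | b64url
}

make_token() {  # $1 = secret, $2 = compact JSON body
    header=$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url)
    body=$(printf '%s' "$2" | b64url)
    printf '%s.%s.%s' "$header" "$body" "$(sign "$1" "$header.$body")"
}

verify_token() {  # $1 = secret, $2 = token; returns 0 only if valid
    # Exactly three dot-separated parts are required.
    case $2 in *.*.*.*) return 1 ;; *.*.*) ;; *) return 1 ;; esac
    header=${2%%.*}; rest=${2#*.}
    body=${rest%%.*}; sig=${rest#*.}
    # Pin the header so a token declaring another algorithm is rejected.
    expected=$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url)
    [ "$header" = "$expected" ] || return 1
    # Recompute the signature over header.body and compare.
    [ "$sig" = "$(sign "$1" "$header.$body")" ]
}

# Constructed secret; the body is the sample payload from this page.
demo_secret='constructed-secret'
demo_body='{"partnerId":"AG7745","AccountNumber":"081211111111","ProductCode":"PUTK10"}'
demo_token=$(make_token "$demo_secret" "$demo_body")
if verify_token "$demo_secret" "$demo_token"; then
    echo "valid: $demo_token"
fi
```
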