All API calls must use HTTPS and be authorized. Here are the required steps:

  1. To authorize a request you need these values:

    • secret - received when approved as a Comeet partner. See Getting Access - Become a Partner)
    • api-key - received from a Comeet customer when the integration is activated.
  2. Generate a token by encoding the account's api-key with your secret using JWT. You can use one of the many JWT libraries available, see on the right an example using pyjwt.

  3. Include the Authorization header with all of your HTTP requests using the syntax:
    Authorization: Bearer <token>

See the following sample code for generating the token.

# using pyjwt

import jwt
import time

expiration_time = time.time() + 600 # 10 minutes
token = jwt.encode({'iss': 'API_KEY', 'exp': expiration_time},
                   'API_SECRET',
                   algorithm='HS256')
// using https://www.jsonwebtoken.io/

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.util.Date;
import java.security.Key;

// ...

String API_SECRET = "API_SECRET"; // Put the Api Secret here
String API_KEY = "API_KEY"; // Put the Api Key here

Date expirationTime = new Date(new Date().getTime() + 10 * 60 * 1000); // 10 minutes buffer
Key key = Keys.hmacShaKeyFor(API_SECRET.getBytes("UTF-8"));

String jwsToken = Jwts.builder()
 .claim("iss", API_KEY)
 .setExpiration(expirationTime)
 .signWith(
 key,
 SignatureAlgorithm.HS256
 )
 .compact();