All API calls must use HTTPS and be authorized. Here are the required steps:

  1. To authorize a request you need these values:

    • secret - received when approved as a Comeet partner.
    • api-key - received from a Comeet customer when the integration is activated.
  2. Generate a token by encoding the account's api-key with your secret using JWT. You can use one of the many JWT libraries available.

  3. Include the Authorization header with all of your HTTP requests using the syntax:
    Authorization: Bearer <token>

See the following sample code for generating the token.

# using pyjwt

import jwt
import time

expiration_time = time.time() + 600 # 10 minutes
token = jwt.encode({'iss': 'API_KEY', 'exp': expiration_time},
// using

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.Date;

// ...

String API_SECRET = "API_SECRET"; // Put the Api Secret here
String API_KEY = "API_KEY"; // Put the Api Key here

Date expirationTime = new Date(new Date().getTime() + 10 * 60 * 1000); // 10 minutes buffer
Key key = Keys.hmacShaKeyFor(API_SECRET.getBytes("UTF-8"));

String jwsToken = Jwts.builder()
 .claim("iss", API_KEY)