Authorization

All API calls must use HTTPS and be authorized. Here are the required steps:

  1. To authorize a request you need these values:
     * `secret` - received when approved as a Recruit partner.
     * `api-key` - received from a Recruit customer when the integration is activated.
  2. Generate a token by encoding the account's api-key with your secret using JWT: in the sample code below, the api-key is the `iss` claim, `exp` is set 10 minutes ahead, and the token is signed with your secret using HS256. You can use one of the many JWT libraries available.

  3. Include the Authorization header with all of your HTTP requests using the syntax:
    Authorization: Bearer <token>

See the following sample code for generating the token.

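```python
# using pyjwt

import jwt
import time

# 'API_KEY' and 'API_SECRET' are placeholders for the customer's api-key and your partner secret.
expiration_time = int(time.time()) + 600  # 10 minutes
token = jwt.encode({'iss': 'API_KEY', 'exp': expiration_time},
                   'API_SECRET',
                   algorithm='HS256')
```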

```java
// using https://www.jsonwebtoken.io/

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.security.Key;

// ...

String API_SECRET = "API_SECRET"; // Put the Api Secret here
String API_KEY = "API_KEY"; // Put the Api Key here

Date expirationTime = new Date(new Date().getTime() + 10 * 60 * 1000); // 10 minutes buffer
// StandardCharsets.UTF_8 avoids the checked UnsupportedEncodingException of getBytes("UTF-8").
// Keys.hmacShaKeyFor throws WeakKeyException if the secret is shorter than 32 bytes.
Key key = Keys.hmacShaKeyFor(API_SECRET.getBytes(StandardCharsets.UTF_8));

String jwsToken = Jwts.builder()
    .claim("iss", API_KEY)
    .setExpiration(expirationTime)
    .signWith(key, SignatureAlgorithm.HS256)
    .compact();
```
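The following is an added example, not part of the original documentation or Recruit's code: it builds the same HS256 token with only the Python standard library, to show what the JWT library produces, and pairs it with the kind of check a receiving service would run. The function names, the explicit `now` parameter and the receiver-side checks are assumptions; the page does not describe how the API validates tokens.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for each JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()


def make_token(api_key: str, secret: str, now: int, ttl: int = 600) -> str:
    """Client side: `iss` carries the api-key, `exp` is now + ttl seconds."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = b64url(json.dumps({"iss": api_key, "exp": now + ttl}, separators=(",", ":")).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{b64url(_mac(secret, signing_input))}"


def verify_token(token: str, secret: str, now: int) -> dict:
    """Assumed receiver side: pin the algorithm, check the MAC, then the expiry."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # do not let the token choose its own algorithm
    if not hmac.compare_digest(sig, _mac(secret, f"{header_b64}.{claims_b64}")):
        raise ValueError("bad signature")  # compare_digest runs in constant time
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("token expired or missing exp")
    return claims
```

The token is only signed, not encrypted: anyone who sees it can read the api-key in `iss`, so the short `exp` and the HTTPS requirement both matter.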