All API calls must use HTTPS and be authorized. Here are the required steps:
- To authorize a request you need these values:
* `secret` - received when approved as a Comeet partner.
* `api-key` - received from a Comeet customer when the integration is activated.
-
Generate a
tokenby encoding the account'sapi-keywith yoursecretusing JWT. You can use one of the many JWT libraries available. -
Include the
Authorizationheader with all of your HTTP requests using the syntax:
Authorization: Bearer <token>
See the following sample code for generating the token.
# using pyjwt
import jwt
import time
expiration_time = time.time() + 600 # 10 minutes
token = jwt.encode({'iss': 'API_KEY', 'exp': expiration_time},
'API_SECRET',
algorithm='HS256')
// using https://www.jsonwebtoken.io/
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.util.Date;
import java.security.Key;
// ...
String API_SECRET = "API_SECRET"; // Put the Api Secret here
String API_KEY = "API_KEY"; // Put the Api Key here
Date expirationTime = new Date(new Date().getTime() + 10 * 60 * 1000); // 10 minutes buffer
Key key = Keys.hmacShaKeyFor(API_SECRET.getBytes("UTF-8"));
String jwsToken = Jwts.builder()
.claim("iss", API_KEY)
.setExpiration(expirationTime)
.signWith(
key,
SignatureAlgorithm.HS256
)
.compact();