Authorization

For making and verifying requests, you need these values:

  • secret - received from Comeet when approved as a Comeet partner. See Getting Started: Integration Partners.
  • api-key - received from a Comeet customer when the integration is activated.

Verify a request from Comeet

When Comeet makes a request to an endpoint that you provide you must verify the request.

  1. The Authorization header is included with the HTTP requests using the following syntax:
    Authorization: Bearer <token>

  2. Decode the token with your secret using JWT. The result must be identical to the api-key. You can use one of the many JWT libraries available online. If it is not identical then fail the request.

Make a request to Comeet

To make a request to Comeet you must authorize the request.

  1. Generate a token by encoding the account's api-key with your secret using JWT. You can use one of the many JWT libraries available, see code examples here.

  2. Include the Authorization header using the syntax:
    Authorization: Bearer <token>