Authentication

All the open APIs use a single authentication scheme: a Bearer JWT passed in the HTTP request header.

To obtain the access to open APIs, users have to do the following:

  1. Use app_id and app_secret to call login to get the JWT.

  2. Add the Authorization: Bearer {JWT} in the request header to call the corresponding API. The corresponding example can refer to sample.

Note: app_id and app_secret are obtained from Rainbow Console.

The Bearer JWT is valid for one hour to call open APIs. Once the token is expired for one hour, users have to call Refersh JWT to obtain a new JWT. The corresponding example can refer to sample.

Note: Bearer JWT is valid for five hours to call Refersh JWT. Once the token is expired for five hours, users have to call login again.

To debug various error codes related to authentication, please see Error codes.

Last updated