To access our APIs, authentication via Bearer tokens is required. These tokens can be generated by creating API keys through the dashboard. Once generated, signing the keys allows access to the APIs with the assigned scopes. This process ensures secure and authorized use of our services.
Once an API key is created, a JWT Bearer token can be generated by signing the key. This token is then used to authenticate requests to the APIs.
To generate a JWT Bearer token, signing an API key using the ES256 algorithm is required, along with the name and privateKey from the downloaded API Key JSON file. The following code snippets demonstrate how to create a JWT Bearer token in various programming languages.
```javascript
const { sign } = require("jsonwebtoken");
const crypto = require("crypto");

const createAuthToken = () => {
  const keyName = "org/{org-id}/apiKey/{api-key-id}"; // Replace with `name`
  const keySecret = "-----BEGIN PRIVATE KEY-----XXXXXXXXXXXX-----END PRIVATE KEY-----"; // Replace with the `privateKey`.
  const serviceName = "developer-api";
  const now = Math.floor(Date.now() / 1000);

  // Registered claims: audience, issuer, subject and the validity window.
  const payload = {
    aud: [serviceName],
    iss: "openfx",
    sub: keyName,
    iat: now,
    nbf: now,
    exp: now + 120, // Max 2 minutes allowed
  };

  const options = {
    algorithm: "ES256", // Sign with ECDSA P-256 / SHA-256
    header: {
      alg: "ES256",
      kid: keyName,
      nonce: crypto.randomBytes(16).toString("hex"), // Fresh random value per token
    },
  };

  const token = sign(payload, keySecret, options);
  return token;
};

// CommonJS export, matching the require() calls above.
module.exports = { createAuthToken };
```

Run the code to generate the JWT Bearer token.
Retrieve the organization ID from the orgId parameter and the private key from the privateKey parameter in the JSON file downloaded during API key creation.
Once the JWT Bearer token is generated, it can be used to authenticate requests to the APIs. To do this, the token must be included in the Authorization header of the requests. The following is an example of how to include the token in a request using cURL:
```bash
curl -L "https://api.openfx.com/v1/<required-route>" -H "Authorization: Bearer {JWT_Bearer_Token}"
```

Replace {JWT_Bearer_Token} with the generated token.
- JWT Bearer tokens expire 2 minutes after generation. A new token must be generated for continued API access.
- Setting a longer expiry time using `exp` is not allowed.
- A unique JWT must be generated for each API request; reuse of tokens is not permitted.
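The rules above (ES256, a 120-second ceiling, one token per request) can be checked on the client before a request is sent. The following is an added example, not OpenFX code: it mints a token with Node's built-in `crypto` module instead of `jsonwebtoken` and then checks it. `mintToken`, `checkToken`, the sample key name and the throwaway key pair are constructed for illustration, and tracking already-sent tokens in a `Set` is an assumption about how a client might enforce the no-reuse rule.

```javascript
const crypto = require("node:crypto");
const b64url = (v) => Buffer.from(v).toString("base64url");

// Mint one ES256 token for one request, using the header and claims shown on this page.
function mintToken(apiKey, nowSec = Math.floor(Date.now() / 1000)) {
  const header = { alg: "ES256", typ: "JWT", kid: apiKey.name,
    nonce: crypto.randomBytes(16).toString("hex") };
  const payload = { aud: ["developer-api"], iss: "openfx", sub: apiKey.name,
    iat: nowSec, nbf: nowSec, exp: nowSec + 120 };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  // JWS ES256 uses the raw r||s signature (IEEE P1363), not the default DER encoding.
  const sig = crypto.sign("sha256", Buffer.from(input),
    { key: apiKey.privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// Pre-flight check: returns the list of rule violations (empty means OK to send).
function checkToken(token, publicKey, seenTokens, nowSec = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = token.split(".");
  const header = JSON.parse(Buffer.from(h, "base64url"));
  const payload = JSON.parse(Buffer.from(p, "base64url"));
  const problems = [];
  if (header.alg !== "ES256") problems.push("alg is not ES256");
  if (header.kid !== payload.sub) problems.push("kid and sub differ");
  if (payload.exp - payload.iat > 120) problems.push("lifetime over 120 s");
  if (payload.exp <= nowSec) problems.push("token expired");
  if (seenTokens.has(token)) problems.push("token already used");
  seenTokens.add(token);
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!ok) problems.push("bad signature");
  return problems;
}

// Constructed sample key pair; a real key comes from the downloaded API Key JSON file.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const sampleKey = {
  name: "org/example-org/apiKey/example-key", // constructed placeholder for `name`
  privateKey: privateKey.export({ type: "pkcs8", format: "pem" }),
};
```

In real use the `name` and `privateKey` fields would be read from the downloaded file or a secret store at run time rather than written into source.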