Generating JWT Token

Vendy authenticates your API request using JWT token generated upon successful authentication of your (email|username) and password. To use any Vendy API, you must first call the /auth endpoint with your base 64 encoded username and password to form a basic authorization header entry. Upon successful authentication, a time bound JWT token will be generated and sent back to you in the token response attribute

You will be required to include the JWT token in subsequent request to the API as part of;

Authorization: Bearer <token>

When architecting your system please be aware that the generated JWT tokens have a 7day expiry time, as indicated in the expiryTime response attribute.

We require that all requests are sent server-to-server. Your app or website should never be directly communicating with the Vendy APIs, as your private connection keys may be exposed in transit. All request are required to be made via an HTTPS connection; requests made over plain HTTP will fail.

Example Request

curl --location --request POST '' \
--header 'Authorization: Basic <base64(username:password)>' \
--data-raw '{}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

  "status": true,
  "code": 200,
  "msg": "Logged In successfully",
  "data": {
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsImlhdCI6MTYzNTcwNjEyNiwiZXhwIjoxNjM2OTE1NzI2LCJpc3MiOiJodHRwczovL3dlcGF5ZWFzeS5jb20vIiwianRpIjoiNWM3NjZhZmEtMDQ1My00NGQ5LWJhYWEtOGNiZTBlNzkzM2QwIn0.P72zzvlxEsTnXI3JQ_pjkDrycrCu1X6ahDsSbHk2Qf4P0EHZOB5JOKWQ_JYqAsBlIjGNn45ra3U0UyLbGsNU6YhNF_7-g3KG9Kdh-9YMg5x9bgeu6-wbzh1iwwrbBgjtNYU70TU0a64l3kAG2eXRv9oJFRGxMOOnExVk1hgKjLM",
    "expiryTime": "Fri, 25 Nov 2022 16:31:41 GMT"

The Authorization data are;

UsernamestringThe user's username on Vendy
PasswordstringThe user's password on Vendy

Possible errors;

Error CodeDescription
400 (Bad request)The user failed to enter a password and receives an error message that says "data invalid."

Required fields were invalid, and not specified.
401 ( Unauthorized)The user inputs an incorrect password and receives an error message that says "incorrect password".
401 (Unauthorized)The user is unable to activate their accounts and receives an error message stating "Account has not been activated. Check your email for instructions on how to activate it!"
Click Try It! to start a request and see the response here!