Generating JWT Token
Vendy authenticates your API request using JWT token generated upon successful authentication of your (email|username) and password. To use any Vendy API, you must first call the /auth
endpoint with your base 64 encoded username and password to form a basic authorization header entry. Upon successful authentication, a time bound JWT token will be generated and sent back to you in the token
response attribute
You will be required to include the JWT token in subsequent request to the API as part of;
Authorization: Bearer <token>
When architecting your system please be aware that the generated JWT tokens have a 7day expiry time, as indicated in the expiryTime
response attribute.
We require that all requests are sent server-to-server. Your app or website should never be directly communicating with the Vendy APIs, as your private connection keys may be exposed in transit. All request are required to be made via an HTTPS connection; requests made over plain HTTP will fail.
Example Request
curl --location --request POST 'https://api.vendy.money/auth' \
--header 'Authorization: Basic <base64(username:password)>' \
--data-raw '{}'
Example response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"status": true,
"code": 200,
"msg": "Logged In successfully",
"data": {
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsImlhdCI6MTYzNTcwNjEyNiwiZXhwIjoxNjM2OTE1NzI2LCJpc3MiOiJodHRwczovL3dlcGF5ZWFzeS5jb20vIiwianRpIjoiNWM3NjZhZmEtMDQ1My00NGQ5LWJhYWEtOGNiZTBlNzkzM2QwIn0.P72zzvlxEsTnXI3JQ_pjkDrycrCu1X6ahDsSbHk2Qf4P0EHZOB5JOKWQ_JYqAsBlIjGNn45ra3U0UyLbGsNU6YhNF_7-g3KG9Kdh-9YMg5x9bgeu6-wbzh1iwwrbBgjtNYU70TU0a64l3kAG2eXRv9oJFRGxMOOnExVk1hgKjLM",
"expiryTime": "Fri, 25 Nov 2022 16:31:41 GMT"
}
}
The Authorization data are;
Field | Type | Description |
---|---|---|
Username | string | The user's username on Vendy |
Password | string | The user's password on Vendy |
Possible errors;
Error Code | Description |
---|---|
400 (Bad request) | The user failed to enter a password and receives an error message that says "data invalid." Required fields were invalid, and not specified. |
401 ( Unauthorized) | The user inputs an incorrect password and receives an error message that says "incorrect password". |
401 (Unauthorized) | The user is unable to activate their accounts and receives an error message stating "Account has not been activated. Check your email for instructions on how to activate it!" |