[STEP2] Utilizing the Authentication Key
Format for Authentication Request
To request the REST API and WebSocket, you must include the authentication information in the header of the request.
The HTTP HEADER requires the following two fields: (Waiker Product Key, Waiker JWT Token).
- Waiker-Product-Key : [Product Key]
- Authorization : Bearer [JWT Token]
Waiker-Product-Key
Use the Product Key among the authentication keys issued after purchasing the product.
JWT Token
Generate a JWT token using the User Key and Secret Key among the authentication keys issued after purchasing the product.
Token Generation Method
The signing method uses HS256, and the secret used for the signature is the issued Secret Key. The structure of the Payload is as follows.
{
"userKey": "8733345d60474a6f9aa6c980fbbd1ca0"
}
Example of Extracting a JWT Token
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
public class OpenApiSample {
public static void main(String[] args) {
String userKey = "Issued User Key";
String secretKey = "Issued Secret Key";
Algorithm algorithm = Algorithm.HMAC256(secretKey);
String jwtToken = JWT
.create()
.withClaim("userKey", userKey)
.sign(algorithm);
String authenticationToken = "Bearer " + jwtToken;
}
}
const jwt = require('jsonwebtoken')
const payload = {
userKey: 'Issued User Key',
}
const jwtToken = jwt.sign(payload, 'Issued Secret Key')
const authorizationToken = `Bearer ${jwtToken}`
# Python 3
import jwt # PyJWT
payload = {
'userKey': 'Issued User Key'
}
jwt_token = jwt.encode(payload, 'Issued Secret Key')
authorization_token = 'Bearer {}'.format(jwt_token)
Open API Validation
Waiker validates through three steps.
- Waiker Product Key Validation: Validates whether the Product Key received through the header is valid.
- JWT Token Validation: Checks whether the signature information of the JWT token is valid and verifies if the userKey is valid.
- API Limit Check: Checks whether the request is within the allowed call limit.