[STEP3] Issuing and Utilizing WG Product Authentication Keys
This step covers how to generate tokens and use authentication keys so that the URL created in [STEP2] Setting Up the Widget can be applied to your service.
Understanding Authentication Keys
(1) What is an Authentication Key?
An authentication key is a mechanism that allows users to safely utilize the Waiker data products they have purchased. The authentication key is provided only to users who have purchased Waiker products, and a separate key is provided for each product.
(2) Authentication Key System
To use Waiker products, a total of 3 keys issued from the dashboard are required, and there is a separate set of keys for each product. To use the service, Product Key, Secret Key, and User Key are required. These keys are issued directly by Waiker upon product purchase after registration and can be checked through the dashboard.
(3) Understanding Each Authentication Key
The descriptions of each key are as follows. In the case of WG products, there is no need to use the key directly; it is used internally by Waiker.
- Product Key: Refers to the product provided by Waiker. A separate Product Key is provided for each product.
- Secret Key: Mapped 1:1 with the Product Key and used for signing the JWT token.
- User Key: The User Key used in the JWT token. This key is used to check which user is accessing. If you are using only the API, you can use the issued User Key, and if you are using the widget, you can obtain a User Key each time you use it.
- JWT: A token value required when using the widget.
Utilizing Authentication Key
(1) Creating an Authenticated Request
REST API Request Format
The REST API is requested via HTTPS.
To request the API, you must include the authentication information in the header of the request.
Token Generation Method
All Waiker products use the following official transmission method.
Two fields are added to the HTTP header: Waiker Product Key and Waiker JWT Token.
- Waiker-Product-Key:
- Authorization: Bearer <token>
Waiker-Product-Key
The Product Key issued by Waiker, sent in the header format above.
JWT Token
This is a JWT whose payload carries the User Key issued by Waiker, signed with the Secret Key.
The signing method uses HS256, and the secret used for the signature is the issued Secret Key. The structure of the Payload is as follows.
{
  "userKey": "8733345d60474a6f9aa6c980fbbd1ca0"
}
Example of Generating a JWT Token
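// Node.js (jsonwebtoken)
const jwt = require('jsonwebtoken')

const payload = {
  userKey: 'Issued User Key',
}
// Sign with the issued Secret Key; HS256 is set explicitly to match the required signing method
const jwtToken = jwt.sign(payload, 'Issued Secret Key', { algorithm: 'HS256' })
const authorizationToken = `Bearer ${jwtToken}`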
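
# Python 3
import jwt  # PyJWT

payload = {
    'userKey': 'Issued User Key'
}
# Sign with the issued Secret Key using HS256.
# PyJWT 2.x returns a str; 1.x returned bytes, which must be decoded before formatting.
jwt_token = jwt.encode(payload, 'Issued Secret Key', algorithm='HS256')
authorization_token = 'Bearer {}'.format(jwt_token)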

// Java (com.auth0 java-jwt)
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;

public class OpenApiSample {
    public static void main(String[] args) {
        String userKey = "Issued User Key";
        String secretKey = "Issued Secret Key";
        // HMAC256 corresponds to the HS256 signing method
        Algorithm algorithm = Algorithm.HMAC256(secretKey);
        String jwtToken = JWT
            .create()
            .withClaim("userKey", userKey)
            .sign(algorithm);
        String authenticationToken = "Bearer " + jwtToken;
    }
}
Open API Validation
Waiker validates each request in three steps.
- Waiker Product Key Validation: Validates whether the Product Key received through the header is valid.
- JWT Token Validation: Checks whether the signature information of the JWT token is valid and verifies if the userKey is valid.
- API Limit Check: Checks whether the request is within the allowed call limit.
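
The three validation steps above, sketched as an added example; it is not Waiker's code and not part of the original page. HS256 is implemented with the Python standard library only, and all names (SECRETS, USERS, CALL_LIMIT, sign_token, validate) and the demo keys are constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample data: placeholder keys, not real Waiker credentials.
SECRETS = {"demo-product-key": b"demo-secret-key"}  # Product Key -> Secret Key (1:1)
USERS = {"demo-product-key": {"demo-user-key"}}     # User Keys known per product
CALL_LIMIT = 2                                      # assumed quota per user
calls = {}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def validate(headers: dict) -> str:
    # Step 1: the Product Key must be known; it selects the matching Secret Key.
    product = headers.get("Waiker-Product-Key", "")
    secret = SECRETS.get(product)
    if secret is None:
        return "invalid product key"
    # Step 2: pin the algorithm and verify the signature before trusting userKey.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return "malformed token"
    try:
        head = json.loads(unb64url(parts[0]))
        msg = f"{parts[0]}.{parts[1]}".encode()
        expected = hmac.new(secret, msg, hashlib.sha256).digest()
        if head.get("alg") != "HS256" or not hmac.compare_digest(unb64url(parts[2]), expected):
            return "invalid signature"
        user = json.loads(unb64url(parts[1])).get("userKey")
    except (ValueError, AttributeError):
        return "malformed token"
    if not isinstance(user, str) or user not in USERS[product]:
        return "unknown userKey"
    # Step 3: enforce the call limit per (product, user) pair.
    key = (product, user)
    calls[key] = calls.get(key, 0) + 1
    return "ok" if calls[key] <= CALL_LIMIT else "limit exceeded"
```

The comparison uses hmac.compare_digest so the check runs in constant time, and a token whose header declares any algorithm other than HS256 is rejected even if its MAC matches.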
(2) Go to the Key Management Page
Dashboard > Management > Key Management Menu
(3) Utilizing the Authentication Key
You can check the Product Key and JWT on the dashboard's Key Management page and use the corresponding values in the URL you copied from [STEP2] Setting Up the Widget.
👍 Result When the URL is Successfully Copied in Setting Up WG Products
https://ux-solution.waiker.ai/insider-transaction?country=KR&currency=usd&color-theme=light&product-key=YOUR_KEY&jwt=YOUR_JWT