Authentication

danger

This version of API authentication has been deprecated and is no longer supported.

ABS uses standard JWT tokens for authentication.

We use the HS256 encryption format and will assign a partner id to be sent as a JWT claim. Think of the way we use JWTs as modern API keys without the security exposure of basic authentication. JWTs can be created by most web development libraries and can be tested out at sites like this one:

https://jwt.io/#debugger-io

If your systems are not equipped to handle JWT token-based authentication, please contact us to discuss simpler but less secure options.

ABS will assign each partner a client secret (a long string of random numbers) and a partner id.

Using standard web development libraries, the partner will generate a JWT token using the assigned secret with partnerid:<your partnerid> and claimdate: <current date in YYYY-MM-DD format> in the claims (a standard in JWT).

The partner will call the API with a standard HTTP POST that has the following Headers set:

header 'Authorization: Bearer <JWT Token>'
header 'Content-Type: application/json'

If anything goes wrong with the Authentication the API will return 401 (Unauthorized)

To obtain your client secret and partner ID, please reach out to us at engineering@abswarranty.net.