Skip to main content
Version: v1

Authentication

ABS uses standard JWT tokens for authentication.

We use the HS256 encryption format and will assign a partner id to be sent as a JWT claim. Think of the way we use JWTs as modern API keys without the security exposure of basic authentication. JWTs can be created by most web development libraries and can be tested out at sites like this one:

https://jwt.io/#debugger-io

If your systems are not equipped to handle JWT token-based authentication, please contact us to discuss simpler but less secure options.

ABS will assign each partner a client secret (a long string of random numbers) and a partner id.

Using standard web development libraries, the partner will generate a JWT token using the assigned secret with partnerid:<your partnerid> and claimdate: <current date in YYYY-MM-DD format> in the claims (a standard in JWT).

The partner will call the API with a standard HTTP POST that has the following Headers set:

header 'Authorization: Bearer <JWT Token>'
header 'Content-Type: application/json'

If anything goes wrong with the Authentication the API will return 401 (Unauthorized)

To obtain your client secret and partner ID, please reach out to us at engineering@abswarranty.net.

To authorize use one of the following examples:

Go Example

package main

import (
  "fmt"
  "net/http"
  "io/ioutil"
)

func main() {

  url := "api_endpoint_here"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }

  req.Header.Add("Authorization", "Bearer {JWT}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Shell Example

# With shell, you can just pass the correct header with each request
curl "api_endpoint_here" \
  -H "Authorization: Bearer {JWT}"

Ruby Example

require "uri"
require "net/http"

url = URI("api_endpoint_here")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

request["Authorization"] = "Bearer {JWT}"

response = http.request(request)
puts response.read_body

Python Example

import requests

url = "api_endpoint_here"

payload={}
headers = {

  'Authorization': 'Bearer {JWT}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Javascript Example

var axios = require('axios')

var config = {
  method: 'get',
  url: 'api_endpoint_here',
  headers: {
    Authorization: `Bearer {JWT}`,
  },
}

axios(config)
  .then(function (response) {
    console.log(JSON.stringify(response.data))
  })
  .catch(function (error) {
    console.log(error)
  })

Make sure to replace `{JWT}` with your JWT token.