authenticateWithJwt

@POST(value = "jwtAuthenticate")
abstract suspend fun authenticateWithJwt(@Body jwtAuthenticateRequestDto: JwtAuthenticateRequestDto): Response<JwtAuthenticateResponseDto>

Authentication using JWT. Allows clients to authenticate and acquire an access token by presenting a JSON Web Token.

If successful, the response includes a user or client access token which can be used as a session token for other authenticated endpoints in the Sensibill API.

There are two types of access token: user tokens and client tokens. Passing your client ID in the 'sub' claim (or in whichever claim has been configured as your ID claim) returns a client access token; passing a user's access ID in that same claim returns a user access token instead.

Your client account must be configured to allow JWT authentication (contact the Sensibill Support Team). The API accepts a JWT in either JWS (signed) or JWE (encrypted) form.

JWS currently supports the RSA and ECDSA signing algorithms RS256, RS384, RS512, ES256, ES384 and ES512. The public keys used to verify signatures must be made available at a publicly accessible URL. The JWS header must carry the 'alg' and 'kid' parameters ('kid' identifies which of your published keys verifies the token), and the payload must carry at least the 'sub' and 'iat' claims. The 'sub' claim identifies either a user or a client; if another claim should serve that purpose, it can be configured during client account setup. The JWS implementation also supports the 'exp', 'aud', 'iss' and 'scp' claims. If you need any of those claims validated, that must be configured as part of client account setup; until it is, a value you place in them is not what bounds the token's acceptance.

JWE currently supports RSAES-OAEP with default parameters ('alg': RSA-OAEP) for encrypting the Content Encryption Key (CEK) and AES-GCM with a 256-bit key ('enc': A256GCM) for encrypting the content. Contact the Sensibill Support Team to receive Sensibill’s public key for JWT encryption. The JWE content must itself be a JWS that meets the JWS requirements above: the encryption wraps the signed token, it does not replace the signature.
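As an added example (not code from the Sensibill SDK or its documentation), the Go program below covers both of the preceding paragraphs: it mints a JWS that meets the stated requirements (RS256, 'alg' and 'kid' in the header, 'sub' and 'iat' plus 'exp' in the payload), shows the check a receiving side performs on such a token (algorithm pinned to an allowlist rather than read from the header, 'kid', 'sub' and 'iat' required, 'exp' honoured), and then wraps the JWS in a JWE exactly as described: RSA-OAEP with default parameters for the CEK and A256GCM for the content. It uses only the Go standard library. Everything concrete in it is an assumption: both key pairs are generated in place (the recipient key stands in for Sensibill's public key, which you obtain from Support), and the 'kid' value and the subject are placeholders. Minting would normally happen on the integrator's backend, which holds the private key; the compact serialization it produces is what the app then passes to authenticateWithJwt.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims: the mandatory 'sub' and 'iat' plus optional 'exp'; 'aud', 'iss' and 'scp' follow the same pattern.
type Claims struct {
	Sub string `json:"sub"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp,omitempty"`
}

var b64 = base64.RawURLEncoding // every JOSE segment is base64url without padding

// decode maps an undecodable segment to nil, which every check below rejects.
func decode(s string) []byte {
	b, err := b64.DecodeString(s)
	if err != nil {
		return nil
	}
	return b
}

// SignRS256 builds a compact JWS with 'alg' and 'kid' in the header; 'sub' is a client ID (client token) or a user's access ID (user token).
func SignRS256(key *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyRS256 is the receiver's check: pin 'alg' to the allowlist instead of trusting the header,
// require 'kid', 'sub' and 'iat', reject a past 'exp'. In production the public key is chosen by 'kid'.
func VerifyRS256(pub *rsa.PublicKey, token string, now time.Time) (Claims, error) {
	var c Claims
	var hdr struct{ Alg, Kid string }
	parts := strings.Split(token, ".")
	if len(parts) != 3 || json.Unmarshal(decode(parts[0]), &hdr) != nil {
		return c, errors.New("malformed JWS")
	}
	if hdr.Alg != "RS256" || hdr.Kid == "" {
		return c, errors.New("alg not allowed or kid missing")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], decode(parts[2])) != nil {
		return c, errors.New("signature invalid")
	}
	if json.Unmarshal(decode(parts[1]), &c) != nil || c.Sub == "" || c.Iat == 0 {
		return c, errors.New("payload must carry sub and iat")
	}
	if c.Exp != 0 && !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("token expired")
	}
	return c, nil
}

// EncryptJWE wraps the JWS as compact JWE content: RSA-OAEP with default parameters (SHA-1 and MGF1-SHA-1,
// RFC 7518) wraps a fresh 256-bit CEK; A256GCM encrypts the JWS with the protected header as the AAD.
func EncryptJWE(recipient *rsa.PublicKey, jws string) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RSA-OAEP", "enc": "A256GCM", "cty": "JWT"})
	protected := b64.EncodeToString(hdr)
	cek, iv := make([]byte, 32), make([]byte, 12)
	rand.Read(cek)
	rand.Read(iv)
	wrapped, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, recipient, cek, nil)
	if err != nil {
		return "", err
	}
	block, _ := aes.NewCipher(cek)
	gcm, _ := cipher.NewGCM(block)
	sealed := gcm.Seal(nil, iv, []byte(jws), []byte(protected)) // ciphertext || 16-byte tag
	n := len(sealed) - gcm.Overhead()
	return strings.Join([]string{protected, b64.EncodeToString(wrapped), b64.EncodeToString(iv),
		b64.EncodeToString(sealed[:n]), b64.EncodeToString(sealed[n:])}, "."), nil
}

func main() {
	signer, _ := rsa.GenerateKey(rand.Reader, 2048)    // the integrator's signing key (assumed)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for Sensibill's public key
	jws, _ := SignRS256(signer, "key-1", Claims{Sub: "client-abc", Iat: time.Now().Unix()})
	fmt.Println(EncryptJWE(&recipient.PublicKey, jws))
}
```

Running it prints a fresh five-segment compact JWE each time; the third segment is the 12-byte IV and the last is the 16-byte GCM tag. VerifyRS256 is included to make one point concrete: the verifier decides which algorithms it accepts, so a token whose header says 'alg': 'none', or an HMAC algorithm keyed with the published public key, is rejected before its signature is even examined. Decrypting the JWE is the recipient's (Sensibill's) side and is not part of what an integrator ships.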

The response also returns a token_id. This cannot be used to authenticate regular requests, but it is required for the query-parameter-based signature method.

Responses:

  • 200: Success. Use the token in the body for other authenticated calls as this user.

  • 400: Bad Request. This will occur if you omit a required parameter, or if you provide an invalid value for a required parameter.

  • 401: Unauthorized. This will occur if the credentials you have provided are invalid.

Return

JwtAuthenticateResponseDto

Parameters

jwtAuthenticateRequestDto