Authentication
Construct your JWT assertion, then exchange for an access token. We recommend to implement this as a re-usable utility/service. (See access token section).
- The claim and corresponding assertion is required on a per store-owner and thus, per store basis, i.e. you can only book deliveries for a respective store per assertion not for multiple stores.
- Peddler provides separate private keys for each store which takes into account various security considerations.
- We urge you to store private keys securely, utilising your selected key management solution or secure storage vault.
Important
Keys should never be included or hard-coded into source code.
Example:
Request
const payload = {
iss: 'provided_app_id', // issuer - client id
sub: 'store_owner_id', // subject - the resource owner id/username/email
aud: '/oauth/token', // audience
exp: Date.now() + 10000, // expiration time of claim
iat: Date.now(), // issued at time of claim
scope: ['DEFAULT', 'authenticated'] // a list of oAuth 2.0 scopes
};
const body = {
header: { alg: 'RS256' },
privateKey: app.key,
payload
};
// Create a JWT assertion
const assertion = jwt.sign(body);
request
.post('https://api-lokl.peddler.com/oauth/token') //end point
.set('Content-Type', 'application/x-www-form-urlencoded') //header
.send({
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion
})
.end(err, res) => {
const error = res.error || err;
if (error) {
console.log(error);
}
const appToken = res.body; // token!
console.log(appToken);
});
Response
{
"access_token":"FkzdyJV14zc73AaK9FmNCtyp5bUTegis",
"expires_in":7200,
"scope":"DEFAULT authenticated",
"token_type":"Bearer"
}