Rebilly Experimental Reports API (0.1)
Download OpenAPI specification:Download
This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
- Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
- Publishable API key: Use in your client-side code to tokenize payment information.
- JWT: Use to make short-life tokens that expire after a set period of time.
JWT
JWT is a short lifetime token that can be assigned a specific expiration time. To create a JWT session, see JWT session resource.
Usage format: Bearer <JWT>.
ApplicationJWT
Applications in the Rebilly App Store can create a JSON Web Token (JWT) by fetching an user's instance. For more information, see Retrieve an application instance.
Usage format: Bearer <JWT>.
PublishableApiKey
This authentication method is applicable to specific operations.
To create a publishable API key, see Create an API key.
CustomerJWT
To create a JSON Web Token (JWT) using Storefront authentication, see Create a session with username and password.
Usage format: Bearer <JWT>.
The Javascript SDK is maintained within Github, and contains the installation and usage instructions in the Readme file. SDK code examples are included in these docs.