This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
A JWT is a short-lived token that can be assigned a specific expiration time. To create a JWT session, see JWT session resource.
Usage format: Bearer <JWT>.
Applications in our App Store can create a JSON Web Token (JWT) by fetching a user's instance.
Usage format: Bearer <JWT>.
Only for the Tokens resource.
You can create a Publishable API Key via our API Keys resource, by specifying the type as publishable.
Important: Never share your secret keys. Keep them guarded and secure.
Use your secret API key to make requests from the server side. When you sign up for a Rebilly account, you receive a secret API key. To authenticate with the Rebilly API, provide your secret key in the request header.
You can create a JSON Web Token (JWT) via Storefront Authentication.
Usage format: Bearer <JWT>.
The JavaScript SDK is maintained on GitHub, and its README file contains the installation and usage instructions. SDK code examples are included in these docs.