This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
A JWT is a short lifetime token that can be assigned a specific expiration time. To create a JWT session, see JWT session resource.
Applications in our App Store can create a JSON Web Token (JWT) by fetching an user's instance.
Only for the Tokens resource.
You can create a Publishable API Key via our API Keys resource, by specifying the type as
Important: Never share your secret keys. Keep them guarded and secure.
Use your secret API key to make requests from the server side. When you sign up for a Rebilly account, you receive a secret API key. To authenticate in Rebilly API, provide your secret key in the request header.