Rebilly Experimental Reports API (0.1)
Download OpenAPI specification:Download
This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
- Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
- Publishable API key: Use in your client-side code to tokenize payment information.
- JWT: Use to make short-life tokens that expire after a set period of time.
JWT
A JWT is a short lifetime token that can be assigned a specific expiration time. To create a JWT session, see JWT session resource.
Usage format: Bearer <JWT>.
ApplicationJWT
Applications in our App Store can create a JSON Web Token (JWT) by fetching an user's instance.
Usage format: Bearer <JWT>.
PublishableApiKey
Only for the Tokens resource.
You can create a Publishable API Key via our API Keys resource, by specifying the type as publishable.
SecretApiKey
Important: Never share your secret keys. Keep them guarded and secure.
Use your secret API key to make requests from the server side. When you sign up for a Rebilly account, you receive a secret API key. To authenticate in Rebilly API, provide your secret key in the request header.
CustomerJWT
You can create a JSON Web Token (JWT) via Storefront Authentication.
Usage format: Bearer <JWT>.
The Javascript SDK is maintained within Github, and contains the installation and usage instructions in the Readme file. SDK code examples are included in these docs.