Migrating from ECDSA to OAuth2
A guide for existing customers that want to migrate from ECDSA to JWT Auth Token authentication.
Am I required to switch if I'm using ECDSA?
For now, no.
While there is currently no ETA, we do plan to eventually sunset ECDSA authentication and only support JWT Auth Token authentication.
Use a JWT auth token instead of private keys for signing requests.
You can implement OAuth2 for your existing app or create a new app and have us migrate data from your old app.
Client ID and Secret
If you are implementing the OAuth2 method for an established ECDSA app, you will need to reach out to us to create a client ID and secret for you.
Useful documentation
SDKs
We created our SDKs for the main purpose of assisting with signing requests using ECDSA authentication.
JWT Auth Token authentication is NOT supported by our SDKs.
If you are currently utilizing our SDKs, you will need to implement making requests using HTTP request protocol before moving on the the Implementation section of this guide.
Postman Collection
Find it here.
Implementation
If you are not currently utilizing our SDKs, move forward with implementing a conventional JWT/OAuth2 authentication flow:
- Retrieve a JWT token by calling the
/auth_token
endpoint using HTTP Basic authentication. - Use that JWT token for all other API endpoints, using HTTP Bearer authentication.
/auth_token endpoint
Use this endpoint to generate an auth token to authenticate subsequent API requests, or to invalidate a token.
- This token has an 8-hour expiry window.
- The /auth_token doc includes details on:
- Building and encoding an HTTP Basic Authentication credentials string, required for this request
- Request and response specs
- The token object returned will include three attributes:
- token -
string
: an alpha-numeric 205 character string that will be passed back for the base64-encoded token value in the Bearer token authorization header for subsequent API calls. - expiration -
int
: an epoch timestamp designating the expiration timestamp in UTC. - expiration_dt -
string
: a human-friendly date/time representation of the expiration timestamp; conforms to ISO 8601 date and time format in UTC.
- token -
Auth token caching
You should cache or store the auth token object in your database and continue using the same token until its expiration time is less than 30 minutes.
- If you re-request a token for your app while your current token has more than 30 minutes left before it expires, the API will return the same token from the previous request.
- Only when your token has less than 30 minutes left of the expiry window will a new token be issued with a new, full 8-hour window.
How to authorize requests with a JWT Auth Token
After retrieving your token from calling /auth_token
, you will include the token as part of the authorization header of all your API requests.
Authorization: Bearer [GENERATED 205 char JWT TOKEN HERE]
Updated 29 days ago