There are two headers that are used for authenticating against the JRNI API: App-Id and Auth-Token.

App ID

The App-Id header is used to identify the client calling the API and is required on all API requests.

curl -H App-Id:1234

Auth Token

The Auth-Token header is used to access API endpoints requiring authorisation. There are four main permission types:

  • Public - No authorisation required.
  • Member - Access limited to customers with an authenticated account.
  • Contact - Access limited to customers without an authenticated account.
  • Admin - Access limited to administrators that use the Studio interface.


When calling the basket add item API for a new basket the response will include the auth token associated with the basket in the headers. This can then be used in subsequent API calls for the basket to add, modify or remove items, or checkout.

curl -H App-Id:1234 \
  -H Auth-Token:abcd -X POST


Prior to calling the admin APIs the auth token must be obtained by calling the login API:

curl -H App-Id:1234 -X POST \
  -d '{ "email": "", "password": "letmein" }'

The auth token returned in the response can then be used in subsequent requests:

curl -H App-Id:1234 \
  -H Auth-Token:abcd


The auth token can be used for multiple API calls, it’s valid for 24 hours from it’s last use. Once the token has expired the API will return a 401 Unauthorised error response.