Authentication

There are two headers that are used for authenticating against the JRNI API: App-Id and Auth-Token.

App ID

The App-Id header is used to identify the client calling the API and is required on all API requests.

curl https://example.jrni.com/api/v5 -H App-Id:1234

Auth Token

The Auth-Token header is used to access API endpoints requiring authorisation. There are four main permission types:

  • Public - No authorisation required.
  • Member - Access limited to customers with an authenticated account.
  • Contact - Access limited to customers without an authenticated account.
  • Admin - Access limited to administrators that use the Studio interface.

Basket

When calling the basket add item API for a new basket the response will include the auth token associated with the basket in the headers. This can then be used in subsequent API calls for the basket to add, modify or remove items, or checkout.

curl https://example.jrni.com/api/v5/1/basket/checkout -H App-Id:1234 \
  -H Auth-Token:abcd -X POST

Admin

Prior to calling the admin APIs the auth token must be obtained by calling the login API:

curl https://example.jrni.com/api/v5/login/admin -H App-Id:1234 -X POST \
  -d '{ "email": "user@example.com", "password": "letmein" }'

The auth token returned in the response can then be used in subsequent requests:

curl https://example.jrni.com/api/v5/1/administrators/1 -H App-Id:1234 \
  -H Auth-Token:abcd

Member

Prior to calling the member APIs the auth token must be obtained by calling the login API:

curl https://example.jrni.com/api/v5/login/member -H App-Id:1234 -X POST \
  -d '{ "email": "customer@example.com", "password": "letmein" }'

The auth token returned in the response can then be used in subsequent requests:

curl https://example.jrni.com/api/v5/1/members/1 -H App-Id:1234 \
  -H Auth-Token:abcd

Purchase

The purchase APIs are protected by use of a long ID. This is a unique and secure param that allows you to authenticate as the guest owner of the purchase.

If the purchase was made by an authenticated member a auth token header will be required in a similar fashion to the member APIs.

Expiry

The auth token can be used for multiple API calls, it’s valid for 24 hours from it’s last use. Once the token has expired the API will return a 401 Unauthorised error response.