There are two headers that are used for authenticating against the JRNI API: App-Id and Auth-Token.
App ID
The App-Id header is used to identify the client calling the API and is required on all API requests.
curl https://example.jrni.com/api/v5 -H App-Id:1234Auth Token
The Auth-Token header is used to access API endpoints requiring authorisation. There are four main permission types:
- Public - No authorisation required.
- Member - Access limited to customers with an authenticated account.
- Contact - Access limited to customers without an authenticated account.
- Admin - Access limited to administrators that use the Studio interface.
Basket
When calling the basket add item API for a new basket the response will include the auth token associated with the basket in the headers. This can then be used in subsequent API calls for the basket to add, modify or remove items, or checkout.
curl https://example.jrni.com/api/v5/1/basket/checkout -H App-Id:1234 \
-H Auth-Token:abcd -X POSTThe Auth-Token issued on the Add Item call ensures the booking channel is set to “Client”. Typically the Auth-Token will be valid for 15 minutes however it is configurable to your requirements for Public booking journeys.
Admin
Prior to calling the admin APIs the auth token must be obtained by calling the login API:
curl https://example.jrni.com/api/v5/login/admin -H App-Id:1234 -X POST \
-d '{ "email": "user@example.com", "password": "letmein" }'The auth token returned in the response can then be used in subsequent requests:
curl https://example.jrni.com/api/v5/1/administrators/1 -H App-Id:1234 \
-H Auth-Token:abcdMember
Prior to calling the member APIs the auth token must be obtained by calling the login API:
curl https://example.jrni.com/api/v5/login/member -H App-Id:1234 -X POST \
-d '{ "email": "customer@example.com", "password": "letmein" }'The auth token returned in the response can then be used in subsequent requests:
curl https://example.jrni.com/api/v5/1/members/1 -H App-Id:1234 \
-H Auth-Token:abcdPurchase
The purchase APIs are protected by use of a long ID. This is a unique and secure param that allows you to authenticate as the guest owner of the purchase.
If the purchase was made by an authenticated member a auth token header will be required in a similar fashion to the member APIs.
Expiry
The auth token can be used for multiple API calls, it’s valid for 24 hours from it’s last use. Once the token has expired the API will return a 401 Unauthorised error response.