Use Authorization Tokens to Access APIs

The API is designed to receive a token that is later used to authorize the user when working with Payments API and with Noventiq Checkout API (Products API, Dynamic Product Checkout API, Subscriptions API).

To authorize when using these APIs, transfer the token in the request header:

Authorization token.
  • Format: Bearer [token]
  • Where [token] is substituted by the token value obtained through the authentication API.

Let us suppose that you received the following response to your request to the Authentication API:

  "token": "fj45u923j59ju42395iu9423i59243u0",
  "refresh_token": "4e283bb7620068c42d6"

When making the request to another API, transfer in the request header:

AuthorizationJWT: Bearer fj45u923j59ju42395iu9423i59243u0

When using Postman, you can add the Token variable to the Environment settings and insert the token value automatically into your requests to other APIs.

Example of variables set up in Postman
Example of token transfer using postman

If authorization with the token is not performed, then the HTTP/1.1 401 Unauthorized response code and the error description return in the response body in JSON format.

Error Message Description
1007 Your token is invalid. Authorization failed, your token value is invalid.
1008 Missing token. Authorization failed, your token has not been transferred.
1009 Your token is expired. Authorization failed, your token has expired.
  "errors": [
      "error": 1007,
      "message": "Your token is invalid."