Use Authorization Tokens to Access APIs
How to Use Token-Based Authorization
The API is designed to receive a token that is later used to authorize the user when working with Payments API and with Noventiq Checkout API (Products API, Dynamic Product Checkout API, Subscriptions API).
To authorize when using these APIs, transfer the token in the request header:
- Format:
Bearer [token] - Where [token] is substituted by the token value obtained through the authentication API.
Example
Let us suppose that you received the following response to your request to the Authentication API:
{
"token": "fj45u923j59ju42395iu9423i59243u0",
"refresh_token": "4e283bb7620068c42d6"
}When making the request to another API, transfer in the request header:
AuthorizationJWT: Bearer fj45u923j59ju42395iu9423i59243u0When using Postman, you can add the Token variable to the Environment settings and insert the token value automatically into your requests to other APIs.
Authorization Errors
If authorization with the token is not performed, then the HTTP/1.1 401 Unauthorized response code and the error description return in the response body in JSON format.
Additional Error Codes for HTTP 401
| Error | Message | Description |
| 1007 | Your token is invalid. | Authorization failed, your token value is invalid. |
| 1008 | Missing token. | Authorization failed, your token has not been transferred. |
| 1009 | Your token is expired. | Authorization failed, your token has expired. |
Example of Error Response
{
"errors": [
{
"error": 1007,
"message": "Your token is invalid."
}
]
}