Synerise uses JSON Web Token (JWT) as the authorization method in most of the API endpoints (some may require only the API key or no authorization at all).
The token is generated by one of the /auth/login/ endpoints depending on Consumer Type, as described further in this article.
You need to include the received token in the
Authorization header of your requests, with a
See this simplified example of a call:
curl -X GET https://api.synerise.com/v4/clients \ -H 'Accept: application/json' \ -H 'Api-Version: 4.4' \ -H 'Authorization: Bearer eyJhbGciOiJSzZXIiLCJjdGQiOjE1NTI0NjMzMjg4NjIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsIm5tZSI' \ -H 'Content-Type: application/json'
Bearerand the token.
In case of no authorization or an invalid/expired token, you will receive either
HTTP 401 Unauthorized or
HTTP 403 Forbidden.
Our JWT tokens use the
RS512 hashing algorithm and their payload contains client identification, origin of the token (Synerise, Facebook, Oauth), and the expiration time for this token.
The token is valid for one hour (unless configured differently). You can request a refreshed key for the session by using the /auth/refresh endpoint before the current token expires.
You can also verify your JWT signature by using the public key.
Synerise defines different types of API consumers that can receive their own authorization tokens.
This is the end user of your website or application - the one who browses pages, purchases items, and so on. The Client can register and maintain their own account with following methods:
- Synerise RaaS
- Facebook Login
- OAuth type Login
They can also perform other customer actions, such as redeeming vouchers.
The Business Profile is assigned to a particular company as explained here: Knowledge Base: Business Profile. This consumer can use methods that, for example, create Client accounts, record Client actions, or manage promotions.
This is the user who logs in to the Synerise Application.
A User is an actual person who performs actions in the Synerise Application interface, but many of those actions can be automated using the API. Users have access to Business Profiles and different levels of permission within those profiles.
Each method within our API Reference indicates what types of API Consumers can use them.