You will require API KEY and API SECRET to successfully generate a bearer token. OpenAPI uses a JWT token to authenticate and encrypt each API request.

In the above example, the token is broken down into three parts:

Part	Description	Example
header	header payload in JSON format BASE64 encoded	`header`
body	body payload in JSON format BASE64 encoded	`token`
bearer	combination of header part and body part encrypted using HS256 with `API Secret` as the key	`header/secret`

The above then is constructed to create the API Token as below:

headerPart.bodyPart.bearerToken

Header Part

The Header part of the TOKEN specifies the type of encryption and token generation method. This will be the same for all API request for that version.

This becomes the first part of the token.

{"alg":"HS256","typ":"JWT"}

Base64 encrypt the Header

echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

Header payload

Body Part

The body part of the payload depends on the API endpoint that is being called. Details on the different endpoint and their payloads are defined in the sections below.

Sample Body Payload

{
  "partnerId": "AG7745",
  "AccountNumber": "081211111111",
  "ProductCode": "PUTK10"
}

Base64 encrypts the Body Payload

echo -n '{"partnerId":"AG7745","AccountNumber":"081211111111","ProductCode":"PUTK10"}' |  base64 | sed s/\+/-/ | sed -E s/=+$//
eyJQYXJ0bmVySUQiOiJjaGVsc2VhIiwiQWNjb3VudE51bWJlciI6IjA4MTMzOTM3MjM4OSIsIlByb2R1Y3RDb2RlIjoiUFJFUEFJRCJ9

Bearer

The bearer is created by applying HS256 encryption to the header and body BASE64 strings with the api_secret key.

Sample Bearer

echo -n 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXJ0bmVySUQiOiJjaGVsc2VhIiwiQWNjb3VudE51bWJlciI6IjA4MTMzOTM3MjM4OSIsIlByb2R1Y3RDb2RlIjoiUFJFUEFJRCJ9.s8hfKYCJzTm17gydB5zaOd0Mc2MWT/qXyacdWCWBpBQ' | openssl dgst -sha256 -hmac secret_key -binary | openssl base64 -e -A | sed s/\+/-/ | sed -E s/=+$//
s8hfKYCJzTm17gydB5zaOd0Mc2MWT/qXyacdWCWBpBQ

Go toJWT and verify the JWT token, including the signature