Authentication

You'll need to authenticate your requests to access any of the endpoints in the OpenTransact API. In this guide, we'll look at how authentication works. OpenTransact offers a simple way to authenticate your API requests: Bearer Token Authentication with a provided API key.

Please don't commit your OpenTransact API keys to source control!

Authenticating Requests

The required way to authenticate with the OpenTransact API is by using a bearer token. When establishing a connection, you will need your access token — you can get an access token by requesting one from support@opentransact.com. Here's how to add the token to the request header using cURL:

Example request with bearer token

curl https://api.opentransact.com/v1/profiles \
  -H "Authorization: Bearer {token}"

Always keep your token safe and revoke it and request a new one if you suspect it has been compromised.

API Key Format

Each API key is actually a JWT, you can parse the token with any JWT library. The token is composed of three parts, separated by a period (.):

Token format

{header}.{payload}.{signature}

API Key Expiration

Within the payload, there is an exp field that indicates when the token will expire. By default the token will expire one year after it was created. Keep track of this expiration and ensure that you create a new token prior to expiration or your requests will fail.

Was this page helpful?