Authorization token
The API is accessed via a Bearer token. This token is a standard JSON Web Token that is sent along with every request to our API via the Authorization-header. The token expires in 15 minutes, after which a new token must be obtained. It is recommended that you set up a way to automatically renew tokens when they expire if doing operations that span over 15 minutes.
To obtain a token you must use the authorize-endpoint:
POST https://api.prod.kyc.penneo.com/public-api/authorize?accessId=<ID>&accessKey=<KEY>
| Parameter | Description |
|---|---|
| accessId | The Id of the Access Keypair |
| accessKey | The Key of the Access Keypair |
The Authorization endpoint is only accessible via POST.
Example
curl --location --request POST 'https://api.prod.kyc.penneo.com/public-api/authorize?accessId=<ACCESS-ID>&accessKey=<ACCESS-KEY>' \
--header 'X-API-Version: 1' \
--header 'Content-Type: application/javascript'
var myHeaders = new Headers();
myHeaders.append("X-API-Version", "1");
myHeaders.append("Content-Type", "application/javascript");
var formdata = new FormData();
var requestOptions = {
method: 'POST',
headers: myHeaders,
body: formdata,
redirect: 'follow'
};
fetch("https://api.prod.kyc.penneo.com/public-api/authorize?accessId=<ACCESS-ID>&accessKey=<ACCESS-KEY>", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
The endpoint returns a JSON object with this structure:
{
"token": "abcdefghijklmnopqrstuvwxyz",
"timeExpiration": "2020-01-01T00:00:00+00:00"
}