Back to top
Vastuu Group

Get Bearer Token

Last updated: March 16, 2021
|
Reading time: 3 min

Tags: V1 APIs, Sandbox, Bearer Token

Platform of Trust authentication supports OAuth 2.0 protocol for authorization. Thus in order to perform most of requests to Platform Of Trust APIs, users must be authorized.

This guide is meant for everyone who wants to use or simply try out Platform Of Trust capabilities. As user or identity authorization is an essential part of it.

Note: Keep in mind, that version 1 APIs in Platform of Trust have been used in this demonstration.

Table of contents

What is bearer token?

A signed JWT token. Platform of Trust can validate it and communicate with any party who is able to provide such token.

– 

Bearer token

In encoded form, it looks like eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzY29w...DVs5aaf, as you might have seen in many examples and guides. A bearer token is easy to decode and no information is hidden, because the purpose of bearer token is to pass information with signed by signature. When signature is validated, the data can be trusted. If you want to decode token you can do it online.

NOTE: Bearer token gets expired after 24 hours.

How to get Bearer token

There is only one possibility to obtain Bearer token is being authorized via an application such as the World application.

To get the bearer token:

  1. After signing in into Platform of Trust Sandbox, open the developer tool in your browser.
  2. Go to the Application tab. Refresh your browser tab once.
  3. You will notice an Authorization cookie appearing. This cookie contains the Bearer token.
  4. To use in the Insomnia workspace, exclude the "Bearer " part and copy the rest of the token.

bearer-token.png

NOTE: Make sure to remember getting the regenerated token after 24 hours to continue using it in the workspace.

Bearer token and Platform of Trust APIs

Most of Platform of Trust APIs require bearer token in HTTP header Authorization: Bearer {token}. Simply pass it with each HTTP request.

curl --request POST \
  --url https://api-sandbox.oftrust.net/apps/v1 \
  --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzY29w...DVs5aaf' \
  --header 'Content-type: application/json' \
  --data '{
    "name": "Example Application",
    "description": "Application description",
    "privacyPolicyUrl": "http://example.com/privacy.html",
    "webPageUrl": "http://example.com/application.html",
    "iconUrl": "http://example.com/icon.png",
    "scopes": "",
    "defaultScopes": "",
    "redirectUris": "https://example.com/auth-callback",
    "defaultRedirectUri": "https://example.com/auth-callback",
    "groupId": "7a5c0197-7e05-4180-8d6f-104911880eee"
  }'

To know which API request requires Authorization header, check API documentation

Summary

Bearer token is required for most of the requests in Platform of Trust. It enables an extra security level that ensures the validity and consistency of data that the platform helps to provide.
The recommended next step is to register a new app.

The open sandbox is your friend! It's an isolated environment for testing applications and data product integrations. Read more from the Sandbox guide.

Ready to explore more?

Try Platform Sandbox

Improvement Suggestions? or a New Guide?

Tell us in GitHub