Skip to content
  • There are no suggestions because the search field is empty.

AUTH & JWT Tokens

The CarltonOne Engagement Cloud API uses JWT or apiKey tokens to authenticate requests. The type of authentication method you use depends on your organization and level of access to the API.

JWT and apiKey Authentication

There are two main methods for authenticating your API calls: JSON Web Tokens (JWT) and apiKeys.

  • JWT tokens offer access to any Engagement APIs that your reseller organization has access to.
    • The same JWT token can authenticate calls to different APIs and actions performed while using this token are not subject to permission restrictions.
  • apiKey tokens offer authentication for each individual API and new tokens are required for each session.
    • apiKey tokens are also subject to user permissions, meaning that you cannot perform calls that your member account does not have authorization for.
    • Procedures for generating apiKey tokens can be found in the Authentication article of each API in the developer portal.
To generate a JWT Auth token:

1. Obtain the required credentials to generate a JWT token: your client_id, client_secret, and grant_type. For more information, please contact your Client Success Manager.

2. Call POST /EAPI/OAUTH/TOKEN with a request containing these credentials.

Call:

Response:

3. Add the returned JWT token to the Header or the Authorization field in your API requests.

 

To authenticate in Swagger:

1. In the API documentation file, select Authorize.

2. Add the generated JWT to the bearerAuth (http, Bearer) Value field.

3. Select Authorize.