The Corporate Tools API authorizes requests based on two pieces of information, the access key and the secret key. Your access key is used to identify requests, and your secret key is used to sign requests.
In order to authorize a request, you will need to construct a JWT token and place it in the
Authorization HTTP header. The header section of the token contains the following keys.
|access_key||Your access key|
The payload of the token is a JSON object containing the following keys.
|path||The path of the request being made|
|content||A SHA2 digest of the query string + the content of the body of the request (where applicable)|
Token generation example
use \Firebase\JWT\JWT; $headers = [ 'access_key' => $access_key ]; $payload = [ 'path' => '/documents', 'content' => hash('sha256', $query_string . $request_body) ]; $token = JWT::encode($payload, $secret_key, 'HS256', null, $headers);