Authentication

The Corporate Tools API authorizes requests based on two pieces of information, the access key and the secret key. Your access key is used to identify requests, and your secret key is used to sign requests.

In order to authorize a request, you will need to construct a JWT token and place it in the Authorization HTTP header. The header section of the token contains the following keys.

KeyDescription
access_keyYour access key

The payload of the token is a JSON object containing the following keys.

KeyDescription
pathThe path of the request being made
contentA SHA2 digest of the query string + the content of the body of the request (where applicable)

Token generation example

use \Firebase\JWT\JWT;

$headers = [
  'access_key' => $access_key
];

$payload = [
  'path' => '/documents',
  'content' => hash('sha256', $query_string . $request_body)
];

$token = JWT::encode($payload, $secret_key, 'HS256', null, $headers);
1
2
3
4
5
6
7
8
9
10
11
12