Introduction

Authentication

Authenticating with the Cirro API is done using signed JSON Web Tokens (JWT). You can generate a JWT using your app's private key as well as your apps ID. Your app identifier and your app secret can be generated by yourself in the API Integrations page(left sidebar in your customer page). As soon as you hit Create a secret you will receive both values, but please note that the secret will be hidden after you leave this page or press the Conceal button. Make sure to save it somewhere safe ⚠️

If you have trouble with this, please contact our support

Create your access token

To authenticate to cirro API you need the following:

  • Your app identifier iss
  • Your app secret secret

Use your private key to sign a JSON Web Token (JWT) which contains your app's id as the issuer in the payload.

1# Example in ruby
2
3require 'openssl'
4require 'jwt'
5
6# Private key contents
7YOUR_APP_ID = "** Your app identifier **"
8PRIVATE_KEY = "** Your app secret **"
9
10payload = {
11  # JWT expiration time (10 minute maximum)
12  exp: 10.minutes.from_now.to_i,
13  # App client id
14  iss: YOUR_APP_ID
15}
16
17header_fields = { alg: 'HS256' }
18jwt_token = JWT.encode(payload, PRIVATE_KEY, 'RS256')

Then add it to your request header:

Authorization: jwt <JWT_TOKEN>
Previous
Getting Started
Next
Errors