Authentication

Authentication requirements for the Agent Connect API

Agent Connect APIs use API keys and JSON Web Tokens (JWT) for authentication.

API Key

Each client is provided two API keys (one test key and one production key). These keys can be generated and retrieved within Agent Connect on the Integrations settings page (Settings > Integrations).

integrations settings page
Important:

  • All requests that are not authenticated properly will fail.

  • Requests must be made over HTTPS, not plain HTTP.

JSON Web Token (JWT)

Note: A JWT is required for user management and data return endpoints, but not for Feedback and service recovery requests.

You will need a mechanism within your environment to generate a JWT from your API credentials. JWT is an industry standard token-generation mechanism and is available for all programming environments. Details for your environment can be found at https://jwt.io.

A JWT, signed with your company's API secret using HMAC SHA256, and containing a valid IAT claim, must be provided via the Authorization header. Your company's API key must be provided via the x-api-key header.

Both headers are required, as demonstrated below:

Authorization: <JWT>
x-api-key: <API Key>