Authentication API
Pata tokeni za upatikanaji za kuthibitisha maombi ya API.
Thibitisha Utambulisho
Badilisha vitambulisho vyako vya API kuwa tokeni ya JWT ya upatikanaji.
POST /business/authMwili wa Ombi
| Sehemu | Aina | Inahitajika | Maelezo |
|---|---|---|---|
apiKey | string | Ndiyo | Funguo yako ya API |
apiSecret | string | Ndiyo | Siri yako ya API |
Mfano wa Ombi
curl -X POST https://api.test.wakapay.io/business/auth \
-H "Content-Type: application/json" \
-d '{
"apiKey": "your_api_key",
"apiSecret": "your_api_secret"
}'const response = await fetch("https://api.test.wakapay.io/business/auth", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
apiKey: "your_api_key",
apiSecret: "your_api_secret",
}),
});
const data = await response.json();
console.log(data.accessToken);import requests
response = requests.post(
'https://api.test.wakapay.io/business/auth',
json={
'apiKey': 'your_api_key',
'apiSecret': 'your_api_secret'
}
)
data = response.json()
print(data['accessToken'])Jibu la Mafanikio
Msimbo wa Hali: 200 OK
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.****...****",
"expiresIn": 3600
}Sehemu za Jibu
| Sehemu | Aina | Maelezo |
|---|---|---|
accessToken | string | Tokeni ya JWT ya upatikanaji ya kutumia kwa maombi yaliyothibitishwa |
expiresIn | number | Muda wa uhalali wa tokeni kwa sekunde (3600 = saa 1) |
Majibu ya Makosa
400 — Vitambulisho Vinakosekana
Sehemu za apiKey au apiSecret zinakosekana:
{
"code": 0,
"error": "apiKey and apiSecret required"
}400 — Vitambulisho Tupu
Thamani tupu za apiKey au apiSecret:
{
"code": 0,
"error": "apiKey and apiSecret required"
}400 — Mzigo Usio Sahihi
JSON iliyoharibika au Content-Type isiyo sahihi:
{
"code": 0,
"error": "invalid payload"
}Sababu za Kawaida:
- Sintaksia ya JSON isiyo sahihi
- Kichwa cha
Content-Type: application/jsonkinakosekana - Kutuma data isiyo ya JSON
401 — Vitambulisho Visivyo Sahihi
apiKey au apiSecret isiyo sahihi:
{
"code": 0,
"error": "invalid credentials"
}Kutumia Tokeni ya Upatikanaji
Jumuisha tokeni ya upatikanaji katika kichwa cha Authorization cha maombi yote ya API yajayo:
Authorization: Bearer {accessToken}Mfano
curl https://api.test.wakapay.io/business/balance?currency=USD \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."Mbinu Bora za Tokeni
Kuhifadhi Tokeni
Hifadhi tokeni katika kumbukumbu na uzitumie tena hadi zimalizike ili kuepuka maombi yasiyo ya lazima ya uthibitishaji:
class TokenManager {
constructor(apiKey, apiSecret) {
this.apiKey = apiKey;
this.apiSecret = apiSecret;
this.token = null;
this.expiresAt = null;
}
async getToken() {
// Return cached token if still valid (with 60s buffer)
if (this.token && Date.now() < this.expiresAt - 60000) {
return this.token;
}
// Request new token
const response = await fetch("https://api.test.wakapay.io/business/auth", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
apiKey: this.apiKey,
apiSecret: this.apiSecret,
}),
});
const data = await response.json();
if (data.error) {
throw new Error(data.error);
}
this.token = data.accessToken;
this.expiresAt = Date.now() + data.expiresIn * 1000;
return this.token;
}
clearToken() {
this.token = null;
this.expiresAt = null;
}
}Kushughulikia Kumalizika kwa Tokeni
Unapopokea kosa la 401 Unauthorized, futa tokeni yako iliyohifadhiwa na omba mpya:
async function makeAuthenticatedRequest(url, options) {
let token = await tokenManager.getToken();
try {
const response = await fetch(url, {
...options,
headers: {
...options.headers,
Authorization: `Bearer ${token}`,
},
});
// Token expired, get new token and retry once
if (response.status === 401) {
tokenManager.clearToken();
token = await tokenManager.getToken();
return fetch(url, {
...options,
headers: {
...options.headers,
Authorization: `Bearer ${token}`,
},
});
}
return response;
} catch (error) {
throw error;
}
}Mbinu Bora za Usalama
- Usiwahi kuweka kumbukumbu za tokeni: Tokeni ni nyeti na hazipaswi kuwekwa kumbukumbu au kufichuliwa
- Tumia HTTPS: Daima tumia viungo vya HTTPS kuzuia kunaswa kwa tokeni
- Hifadhi kwa usalama: Usiwahi kuweka funguo/siri za API katika udhibiti wa toleo
- Vigeu vya mazingira: Hifadhi vitambulisho katika vigeu vya mazingira
- Tenganisha mazingira: Tumia funguo tofauti kwa majaribio na uzalishaji
Kumalizika kwa Tokeni
- Muda: Tokeni zinamalizika baada ya sekunde 3600 (saa 1)
- Refresh: Omba tokeni mpya kabla ya ya sasa kumalizika
- Buffer: Tekeleza buffer ya sekunde 60 kabla ya kumalizika ili kuzuia hali za pembeni
Yanayohusiana
- Mwongozo wa Uthibitishaji — Mwongozo wa kina wa uthibitishaji na mbinu bora
- Kushughulikia Makosa — Jifunze kuhusu misimbo ya makosa na ushughulikiaji
Imesasishwa mwisho tarehe