In the digital era, ensuring secure and seamless interaction with various platforms is paramount. One of the primary tools that make this possible is the bearer token. Whether you’re an app developer or a tech-savvy user, understanding how to obtain and manage these tokens is crucial. Please bear in mind that this demonstration utilizes version 1 APIs within the Platform of Trust.
What is a Bearer Token?
A bearer token is a cryptographic string of characters that serves as proof of identity and access rights for users and applications. Think of it as a key that unlocks specific digital doors. Unlike ID-and-password combinations, bearer tokens grant access without continually needing to prove one’s identity.
In its encoded state, a bearer token might appear as eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzY29w…DVs5aaf, a format familiar from various examples and tutorials. Unlike some encrypted formats, a bearer token is straightforward to decode since its main aim is to convey information, authenticated by a signature. The bearer token has a 24-hour expiration period.
Obtaining the Bearer Token via the World Application
The sole method to acquire a Bearer token involves authentication through an app like the World application.
Steps to retrieve the bearer token:
- Log into the Platform of Trust Sandbox;
- Launch the developer tool within your browser;
- Navigate to the ‘Application’ tab and refresh your browser once;
- An ‘Authorization’ cookie will become visible. This is where the Bearer token is housed;
- For use in the Insomnia workspace, omit the “Bearer ” prefix and simply copy the remainder of the token.
Remember to obtain a refreshed token every 24 hours to maintain its usability in the workspace.
Authentication Token and Trust Platform APIs
For many Trust Platform APIs, an authentication token is necessary in the HTTP header as Authorization: Bearer {token}. Include this with every HTTP request.
curl --request POST \
--url https://api-sandbox.oftrust.net/apps/v1 \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzY29w...DVs5aaf' \
--header 'Content-type: application/json' \
--data '{
"name": "Example Application",
"description": "Application description",
"privacyPolicyUrl": "http://example.com/privacy.html",
"webPageUrl": "http://example.com/application.html",
"iconUrl": "http://example.com/icon.png",
"scopes": "",
"defaultScopes": "",
"redirectUris": "https://example.com/auth-callback",
"defaultRedirectUri": "https://example.com/auth-callback",
"groupId": "7a5c0197-7e05-4180-8d6f-104911880eee"
}'
Conclusion
In the evolving digital landscape, authentication mechanisms like Bearer tokens are becoming increasingly crucial. For many platforms, including the Platform of Trust, these tokens are not just a recommendation but a requirement for the majority of requests. Their role extends beyond simple access, acting as a fortified layer of security. Such measures safeguard the integrity, validity, and consistency of the data, ensuring that users can rely on the accuracy of the information they receive and interact with.