Loyal-N-Save Used-Based API
JSON Web Tokens
Our authentication system is built on JSON Web Tokens (JWTs). Each token carries its own expiration time and other details about the session it was issued for, so the token itself is what identifies the caller on every request.
A token consists of three parts separated by periods. The header and payload are base64url-encoded JSON (base64url, not plain base64, and without "=" padding, so pad to a multiple of four characters before decoding). Anyone who holds a token can decode those two parts and read the claims, which is why no secret data is placed in them. The signature is base64url-encoded raw bytes, not JSON, and decoding it yields nothing readable; only a party holding the signing key can check it. Decoding a token is not the same as verifying it.
An example token looks like:

header.payload.signature

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vc3RhZ2luZy5nb2Z0eC5jb20vYXBpL2F1dGgvbG9naW4iLCJpYXQiOjE0NjQ5NjYyMDMsImV4cCI6MTQ2NDk2OTgwMywibmJmIjoxNDY0OTY2MjAzLCJqdGkiOiIzY2FjMTM0Nzk1ZTZhYWM5NjkxNWI5NjJhYWIyOGRkZCIsInN1YiI6Nn0.OXbffvl51vH_xD4Hx0vUKUxWyM2HRQOZXoxCzLOC6eQ

The parts are broken down in order below:
- Header - States the signing algorithm and the token type. Our tokens are signed with HS256 (HMAC-SHA256).

    {
        "alg": "HS256",
        "typ": "JWT"
    }

- Payload - Holds the registered claims: the issuing server (iss), issue time (iat), expiration time (exp), not-before time (nbf), a unique token id (jti) and the subject the token was issued for (sub), plus any other details the server chooses to make available on each request. Times are Unix timestamps in seconds. In the example below exp - iat = 3600, so the token is valid for one hour from issue.
    {
        "iss":"http://staging.goftx.com/api/auth/login",
        "iat":1464966203,
        "exp":1464969803,
        "nbf":1464966203,
        "jti":"3cac134795e6aac96915b962aab28ddd",
        "sub":6
    }

- Signature - Appended as the third part so the server can verify that the token was issued by this domain and has not been altered. It is the HMAC-SHA256 of the string base64url(header) + "." + base64url(payload), keyed with a secret that is stored only on the server and is never sent to the client. Because HS256 is symmetric, anyone holding that secret can mint valid tokens as well as verify them, so the secret is treated as a credential. A client can read the payload but cannot change it without invalidating the signature. On every request the server recomputes the HMAC and compares it to the signature in constant time, checks exp and nbf against the current time, and verifies with the algorithm it issued the token with rather than whatever the header names; only after those checks does it trust the claims.
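The decoding and server-side verification described above, written out as an added example that is not Loyal-N-Save code. It decodes the example token from this page (its real signing secret is unknown, so that token can only be read, not verified), then mints and verifies a token of the same shape under a constructed placeholder secret to show the checks a resource server performs: pinned algorithm, constant-time signature comparison, and the exp and nbf windows. The secret, the `now` values and the tampered tokens are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# The example token from the documentation above. Its signing secret lives on the
# server and is not public, so this script can decode it but cannot verify it.
DOC_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJpc3MiOiJodHRwOi8vc3RhZ2luZy5nb2Z0eC5jb20vYXBpL2F1dGgvbG9naW4iLCJpYXQiOjE0NjQ5NjYyMDMs"
    "ImV4cCI6MTQ2NDk2OTgwMywibmJmIjoxNDY0OTY2MjAzLCJqdGkiOiIzY2FjMTM0Nzk1ZTZhYWM5NjkxNWI5NjJhYWIyOGRkZCIsInN1YiI6Nn0."
    "OXbffvl51vH_xD4Hx0vUKUxWyM2HRQOZXoxCzLOC6eQ"
)


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without '=' padding; restore the padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_token(token: str) -> tuple:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated parts")
    return tuple(parts)


def decode_unverified(token: str) -> dict:
    """Read header, payload and raw signature bytes WITHOUT checking anything.
    For inspection only; an API handler must never trust these values."""
    header_b64, payload_b64, sig_b64 = split_token(token)
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(sig_b64),
    }


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint a token the way the issuing server would (compact JSON, no padding)."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token: str, secret: bytes, now: Optional[int] = None, leeway: int = 0) -> dict:
    """Return the payload only if the signature, exp and nbf all check out."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = split_token(token)
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the verifier decides how to verify, not the token.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not match")
    payload = json.loads(b64url_decode(payload_b64))
    if "exp" in payload and now > int(payload["exp"]) + leeway:
        raise ValueError("token expired")
    if "nbf" in payload and now < int(payload["nbf"]) - leeway:
        raise ValueError("token not yet valid")
    return payload


def rejection_reason(token: str, secret: bytes, now: Optional[int] = None) -> Optional[str]:
    """None when the token verifies, otherwise the reason it was rejected."""
    try:
        verify_hs256(token, secret, now=now)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Reading the page's example token needs no key at all.
    print(json.dumps(decode_unverified(DOC_TOKEN)["payload"], indent=2))
    secret = b"constructed-demo-secret"  # placeholder, not the real server secret
    tok = sign_hs256({"sub": 6, "iat": 1464966203, "exp": 1464969803, "nbf": 1464966203}, secret)
    print(rejection_reason(tok, secret, now=1464966300))  # inside the one-hour window
    print(rejection_reason(tok, secret, now=1464970000))  # after exp
    print(rejection_reason(DOC_TOKEN, secret, now=1464966300))  # wrong key for this token
```

Note that `decode_unverified` succeeds on any well-formed token, including one whose signature is garbage or whose payload was edited; that is exactly why the server must go through `verify_hs256` before acting on `sub` or any other claim.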
