In this document we are going to explain what is a token in the scope of the e-satisfaction API and how it is used to authenticate a user of the API.
What is a token
As we mentioned in our article, API Authentication, all API calls require authentication. This is essential for the API to identify which user is making the call so that appropriate results will be returned, as well as for security reasons.
Authentication is achieved through the use of an API key. e-satisfaction is using jwt (json-web-tokens).
Each token has a set of scopes included in the encoded string. These scopes are used as an initial key that allows the token to access a set of given endpoints.
You should be able to see the scope for each and single API endpoint at https://esatisfactionv3.docs.apiary.io
Tokens help our system identify which user is making the request, thus it allows the API to check the following:
- Is a valid e-satisfaction signed token and can be used to call the API
- Has the proper scopes and can call the given API endpoint
- It's from a valid user of the system
- The user has access to the requested resource
If one of the above fails, the API call will fail with an error http status code accordingly.
Create a new Token