
How to authenticate and get a valid JWT

This document explains the steps needed to get a valid JWT to access authenticated endpoints.

This doc uses tenant chp-dev-tenant-a for all examples.

Auth0 token

At the moment, the API only requires a valid JWT with the correct issuer. The issuer is the Auth0 tenant domain name.

The Auth0 tenant will have an API named CHP-API. To access it, create a new machine-to-machine app and give it access to the CHP-API.

Once this is configured, get a valid JWT by doing a client credentials exchange:

Request:

curl --request POST \
--url https://chp-dev-tenant-a.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"CLIENT_ID","client_secret":"CLIENT_SECRET","audience":"https://chp.falsepill.com/api/","grant_type":"client_credentials"}'

Response:

{
  "access_token": "VALID_JWT_HERE",
  "token_type": "Bearer"
}

The generated token does not contain any user information and is only useful to route the request to the correct endpoint.

CHP-API access

Send this bearer token in the Authorization header of your request to obtain authorized access to the API.

curl --location --request GET 'https://chp.falsepill.com/api/comms/messages' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer VALID_JWT_HERE'

Libraries

Auth0 provides various libraries to integrate with their service. You can find one that suits your needs at https://auth0.com/docs/libraries

Unauthenticated endpoints

Requests to unauthenticated endpoints carry no JWT, so they need another way to be routed to the correct tenant. To do this, add the following header:

x-tenant-id: chp-dev-tenant-a 

Note that the routing accepts only one matching rule at a time. This means that if you send both a valid JWT and the x-tenant-id header, no route will match.
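
A client-side pre-flight check for the routing rule above, as an added example that is not part of the original document or the CHP code base: it builds the headers for exactly one routing rule and checks the token's issuer against the tenant domain before the request is sent. The function names, the constructed sample token, and the assumption that the iss claim is either the bare tenant domain or an https URL on that domain are not from this page.

```python
import base64
import json
from urllib.parse import urlparse

TENANT_ID = "chp-dev-tenant-a"                    # tenant used in this doc
TENANT_DOMAIN = "chp-dev-tenant-a.us.auth0.com"   # host of the token URL above


def unverified_claims(token):
    """Decode the JWT payload without checking the signature (sanity check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_host(token):
    """Host of the iss claim; accepts a full URL or a bare domain (assumption)."""
    iss = unverified_claims(token).get("iss", "")
    return urlparse(iss).hostname or iss


def routing_headers(token=None, tenant_id=None):
    """Return headers carrying exactly one routing rule: JWT or x-tenant-id."""
    if (token is None) == (tenant_id is None):
        raise ValueError("send exactly one of: bearer token, x-tenant-id")
    if tenant_id is not None:
        return {"x-tenant-id": tenant_id}
    host = issuer_host(token)
    if host != TENANT_DOMAIN:
        raise ValueError(f"token issuer {host!r} is not {TENANT_DOMAIN!r}")
    return {"Authorization": f"Bearer {token}"}


def make_sample_token(iss):
    """Constructed, unsigned token for offline use; not a real Auth0 JWT."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": iss, "aud": "https://chp.falsepill.com/api/"}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])


if __name__ == "__main__":
    token = make_sample_token(f"https://{TENANT_DOMAIN}/")
    print(routing_headers(token=token))
    print(routing_headers(tenant_id=TENANT_ID))
```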