Authentication — Kard API

Kard API

The Kard API supports authentication via OAuth2.0’s client credentials. Issuer client will be provided client_id and client_secret by Kard.

Issuer client sends a POST request with the following headers to the Cognito URL below to retrieve the access_token.

The returned access token must be used in the Authorization header as a bearer token in subsequent requests.

Code Recipe:

GET Session Token request in root directory
baseURL: https://test-rewards-api.auth.us-east-1.amazoncognito.com
{clientHash}: base64 encoded copy of {client_id}:{client_secret}, provided in the postman_environment.json.

1 const axios = require('axios');
2 
3 const config = {
4     method: 'POST',
5     url: 'https://test-rewards-api.auth.us-east-1.amazoncognito.com/oauth2/token?grant_type=client_credentials',
6     headers: {
7         'Content-Type': 'application/x-www-form-urlencoded',
8         'Authorization': 'Basic {clientHash}'
9     }
10 };
11 
12 axios(config)
13 .then(function (response) {
14     console.log(JSON.stringify(response.data));
15 })
16 .catch(function (error) {
17     console.log(error);
18 });

Example response:

1 {
2     "access_token": "jwt-info",
3     "expires_in": 3600,
4     "token_type": "Bearer"
5 }

1	const axios = require('axios');
2
3	const config = {
4	method: 'POST',
5	url: 'https://test-rewards-api.auth.us-east-1.amazoncognito.com/oauth2/token?grant_type=client_credentials',
6	headers: {
7	'Content-Type': 'application/x-www-form-urlencoded',
8	'Authorization': 'Basic {clientHash}'
9	}
10	};
11
12	axios(config)
13	.then(function (response) {
14	console.log(JSON.stringify(response.data));
15	})
16	.catch(function (error) {
17	console.log(error);
18	});

1	{
2	"access_token": "jwt-info",
3	"expires_in": 3600,
4	"token_type": "Bearer"
5	}