Authentication

Details about Postworks API Authentication mechanisms

The Postworks API supports two authentication mechanisms:

  • JWT Token
  • API Key

The JWT Token is recommended for workflows that have an interface and ask the user for a username and password, whereas the API Key is recommended for unattended workflows, such as an automated document generation system producing letters that get posted to Postworks.

JWT Token

The JSON Web Token is an implementation of the JWT standard (RFC 7519). This standard defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

The Postworks JWT implementation uses the HMAC algorithm.

A JWT token is obtained upon calling the /auth/login endpoint with a valid username and password.

JWT Workflow

You can find more information about JSON Web Tokens at jwt.io, including a debugger for reading and debugging JWT content.

 

API Key

An API key can be used, instead of a JWT token, allowing for more flexible integrations with our API.

The API key should be placed inside the header of the request:

X-API-KEY: <API Key here>

Requests will then be validated and authorized against the key in the Authentication header.

Please contact support to request your API Key.

API Keys are not available on Starter plans.