# Generate JWT Token *** ### Overview This endpoint authenticates clients by their `client-id` and `client-secret`, and generates a JWT (JSON Web Token) for authorized access to secured endpoints. The JWT should be included in the `Authorization` header of subsequent API requests. #### HTTP Request `GET : /auth/jwt` #### Request Headers | Header | Description | | --------------- | ---------------------------------------------------------------------- | | `client-id` | The unique identifier for the client. | | `client-secret` | The secret key associated with the client-id, used for authentication. | #### Response Upon successful authentication, the server responds with a JWT in the `Authorization` header of the response. **Response Headers** | Header | Description | | --------------- | --------------------------------------------------------------------------------------- | | `Authorization` | The JWT prefixed with `Bearer` , e.g., `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...` | **Sample Response Header** ``` Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... ``` #### Status Codes The endpoint returns the following status codes: | Status Code | Description | | ----------- | ------------------------------------------------------------------------------------------------------- | | 200 | `OK` - The request has succeeded and the JWT is provided in the `Authorization` header of the response. | | 400 | `Bad Request` - The request is invalid or missing required headers. | | 403 | `Unauthorized` - The provided `client-id` or `client-secret` is invalid. | | 500 | `Internal Server Error` - We had a problem with our server. Try again later. | #### Example Request Using `curl` to make a request to generate a JWT: ```bash curl -X POST "{{base_url}}/auth/jwt" \ -H "client-id: YOUR_CLIENT_ID" \ -H "client-secret: YOUR_CLIENT_SECRET" ``` #### Notes * The generated JWT is valid for a specific period (`1 hour`). After it expires, you will need to request a new token using this endpoint. * Ensure the security of your `client-secret`. Do not expose it in client-side code or in environments where unauthorized users can access it. *** ### Usage in subsequent calls Use the generated JWT in all the other calls as it was provided in the generation api * Header name: `Authorization` * Prefix the token with `Bearer`