AUTHENTICATION
General Principles for Authentication
Communication between your system and the SCR API requires authentication with signed JSON Web Tokens (JWTs). Your system signs the tokens it sends with its own private key; the SCR API signs the tokens it sends in callbacks with its key, and each side verifies the other's signature with the matching public key.
After installing the SCR API, follow these steps to set up authentication:
1. Generate a key pair (RSA or ECDSA) for your system, the one that will communicate with the SCR API.
2. Store the key pair in a file and point the API at it by setting the file's full path in the API's configuration file.
3. Export the public key from the wallet using the wallet CLI and make sure the exported public key file is accessible to your system.
For each request from your system to the SCR API:
1. Generate a JWT signed with your private key.
2. The JWT payload must include the exp (expiration time) claim. Generate a fresh JWT for every request and keep the expiration short: exp bounds the window in which a leaked token could be replayed, but it does not by itself make a token single-use.
3. Send the JWT as a Bearer token in the Authorization header of the request.
The SCR API verifies the JWT signature using the public key stored in the wallet. If the signature is invalid, the request will be rejected.
Callbacks from SCR API
For callbacks from the SCR API to your system, the SCR API will generate and sign the JWT. Your system must:
1. Retrieve the JWT from the Authorization header.
2. Verify the JWT signature with the public key of the SCR API.
3. Check the expiration time of the JWT.
Reject the callback if either check fails.
If you cannot process a Bearer token in the headers, you can configure the system to include the token in the body by setting subscriptionAuthTokenInBody to true in the configuration.json file. A token carried in the body must be verified exactly as one carried in the header.