Innovaz
Website Linktree
  • Introduction
  • Whitepaper
    • Summary
    • Introduction
    • Problem
    • Solution
    • Market Analysis
    • Competitive Landscape
    • The team
    • Roadmap
  • 🤓User Guide
    • Create an account and log in
    • Create an NFT Collection
    • Customize Template
    • Release NFT Collection
    • Edit Template
    • Mint NFT
  • ⚙️API documents
    • Overview
    • HTTP Status Code
    • Authentication
    • Webhooks & Notifications
    • Chains
    • Collections
    • Link/Unlink
    • Marketplace
  • ⚙️SDK Integrate
    • 1. Python SDK
    • 2. NPM
  • Terms
  • Privacy
Powered by GitBook
On this page
  • Signing a request
  • JWT Structure
  1. API documents

Authentication

Signing a request

Innovaz uses API keys to authenticate all API calls. Depending on the type of application environment, the base API URL will be one of the following:

  • Testnet: https://api-testnet.innovaz.io

  • Mainnet: https://api.innovaz.io

Every API request must contain the following headers:

  • X-API-Key - The API Key created from your Innovaz application.

  • Authorization - This value should be set to Bearer <Access Token>. The access token is a Base64-encoded JSON Web Token (JWT).

JWT Structure

The payload field should contain the following fields:

  • uri - The URI part of the request (e.g., /v1/common/chains).

  • nonce - Unique number or string. Each API request needs to have a different nonce.

  • iat - The time at which the JWT was issued, in seconds since Epoch.

  • exp - The expiration time on and after which the JWT must not be accepted for processing, in seconds since Epoch. (Must be less than iat+30sec.)

  • sub - The API Key.

  • bodyHash - Hex-encoded SHA-256 hash of the raw HTTP request body.

The JWT must be signed with the Innovaz API secret key and the RS256 algorithm.

Authorization: Bearer <JWT>

PreviousHTTP Status CodeNextWebhooks & Notifications

Last updated 1 year ago

⚙️