Authenticating to the API

The Fuse API uses a Client ID and Secret to generate an authentication token that lasts for 24 hours.

Here's a step-by-step walkthrough of how to retrieve a bearer token (known as access_token) from our Auth API.


Once you've successfully retrieved your token, you'll be able to use this for 24 hours before needing a new access token.

Here's an example of a request that carries the access_token in the authorization header:

curl --request GET \
     --url https://api-sandbox.fuse.me/v1/accounts \
     --header 'accept: application/json' \
     --header 'authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImYxMXhWYV9hUHM1cFFEZVNWdzZLYyJ9.eyJodHRwczovL2FwaS5mdXNlLm1lL29yZ19pZCI6IjNjMmY4MjFkLTNhMWQtNGU1Ny1iMWY0LTY3ZDhjNzAyNGM2NyIsImlzcyI6Imh0dHBzOi8vZnVzZWJhbmtkZXYudWsuYXV0aDAuY29tLyIsInN1YiI6InRHbDc5YWViSE5IRXVXZHltZW1SYlBtdTdSTGcxVWtyQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2FwaS5mdXNlLm1lIiwiaWF0IjoxNjg2NjYwOTE4LCJleHAiOjE2ODY3NDczMTgsImF6cCI6InRHbDc5YWViSE5IRXVXZHltZW1SYlBtdTdSTGcxVWtyIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.M1dTV1Fr07iowrd7goQE3a_M825J5tT0uNKuWaaMZ8_QeBAXWXWSLtwCYC2Nm3ZgpS5gr9UnHrDjuV92zaLYB9QFp7Z7Q5fP_Zkqu8Qli3KoY7qdwQRdhtapnxdBqPYQboyz4DJR6UI29P-uXyatz_t69aRVtvd_4iToKqo-OXQJYIaTSUl8wW0fitEIRGOl8zXX1RMLItZaoo6bDzty1yIKFp_TKsmNOQpxgD4WuvkbGzekYGqUWlCPDt4_zwlS_CYB4-S-DdfliLdU8FnKocrKKLNSBm-451JaTftlV2NI-OUi65GTJvcXh2Hq9B19Fqf7zr6QIekjrZqCgvA0qg'

Go to the auth endpoint documentation in our API reference.

JWT (JSON Web Tokens) Usage

Overview

Our API employs JSON Web Tokens (JWT) for securing communication between services. JWTs are an industry-standard method (RFC 7519) for representing claims securely between two parties. Understanding the lifecycle of JWTs and best practices for their management is crucial for secure and efficient API interactions.

JWT Lifetime

Each JWT issued by our API has a 24-hour validity period. Once this period elapses, the JWT expires and will no longer be accepted, necessitating the issuance of a new JWT for ongoing API access.

Caching and Reuse Recommendations

To ensure your application interacts with our API efficiently and reduces the burden on authentication services, we recommend caching and reusing JWTs for their entire validity period. Implementing JWT caching effectively can significantly enhance your application's performance and reduce unnecessary load on our systems.

Best Practices for JWT Caching:

  • Secure Storage: Store the JWT in a secure component of your application, ensuring it’s accessible only by the components that require it for making API calls.
  • Expiry Monitoring: Track the expiry timestamp of the JWT to anticipate when it will become invalid. Aim to request a new JWT slightly before the current one expires to guarantee continuous API access.
  • Automated Refresh: Design your application to automatically obtain a new JWT as the current one approaches expiry. This should be a seamless background process that does not interrupt the application's functionality.

Adhering to these practices allows for the secure and efficient use of JWTs in your application, facilitating optimal performance and reliability in your API interactions.
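One way to implement the caching practices above, as an added example that is not Fuse's own code: an in-memory cache that reads the token's `exp` claim and renews shortly before expiry. The `fetch_token` callable, the 300-second margin and the constructed sample token are assumptions; `fetch_token` stands in for your call to the Auth API.

```python
import base64
import json
import threading
import time

def jwt_expiry(token: str) -> int:
    """Read `exp` (Unix seconds) from the JWT payload; used only to schedule refresh."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])
    except (IndexError, KeyError, ValueError, TypeError) as err:
        raise ValueError("token has no readable exp claim") from err

class TokenCache:
    """Holds one token in memory and renews it shortly before it expires."""

    def __init__(self, fetch_token, refresh_margin=300, clock=time.time):
        self._fetch = fetch_token      # hypothetical callable: returns an access_token string
        self._margin = refresh_margin  # assumed margin: renew this many seconds before exp
        self._clock = clock            # injectable so expiry handling can be tested
        self._lock = threading.Lock()  # only one thread refreshes at a time
        self._token, self._exp = None, 0

    def get(self) -> str:
        with self._lock:
            if self._token is None or self._clock() >= self._exp - self._margin:
                token = self._fetch()
                self._exp = jwt_expiry(token)  # raises before a malformed token is cached
                self._token = token
            return self._token

    def auth_header(self) -> dict:
        return {"authorization": f"Bearer {self.get()}"}

    def __repr__(self):  # keep the token itself out of logs and tracebacks
        return f"<TokenCache expires_at={self._exp}>"

def make_constructed_token(exp: int) -> str:
    """Constructed sample token with a dummy signature, for offline runs only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"
```

Callers ask the cache for `auth_header()` on every request rather than holding the token themselves, so the renewal stays in one place.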