.png){kind=logo}
Anonymous Token API Document
- 11 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Anonymous Token API Document
- Updated on 11 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Overview
The Anonymous Token API allows clients to securely generate authorization tokens for users accessing the platform anonymously through web browsers and mobile applications (iOS and Android). This API facilitates secure interactions while maintaining user anonymity on all platforms.
API Endpoint
Request Type: Post
URL:
https://api.example.com/identity/anonymous-token
Query Parameters
The following query parameters are required for the API request:
Parameter | Type | Required | Description |
|---|---|---|---|
site | string | Yes | The identifier for the site (e.g., example-site). |
platform | string | Yes | The type of platform (e.g., web_browser, iOS, Android). |
deviceId | string | Yes | A unique identifier for the device (e.g., browser-{unique_id} for web or app-{unique_id} for mobile). |
Possible Platform Values
web_browser: For users accessing via a web browser.
iOS: For users accessing via iOS applications.
Android: For users accessing via Android applications.
Request Headers
The following headers must be included in the request:
Header | Type | Required | Description |
|---|---|---|---|
Accept | string | Yes | Specifies the desired response format (e.g., application/json, text/plain, */*). |
x-api-key | string | Yes | A confidential partner-specific API key for authentication. |
Request Examples
cURL Command
Web Example
curl --location 'https://api.example.com/identity/anonymous-token?site=example-site&platform=web_browser&deviceId=browser-unique_id_1234' \
--header 'Accept: application/json, text/plain, */*' \
--header 'x-api-key: a1b2c3d4e5f6g7h8i9j0k'iOS Example
curl --location 'https://api.example.com/identity/anonymous-token?site=example-site&platform=iOS&deviceId=app-unique_id_5678' \
--header 'Accept: application/json, text/plain, */w*' \
--header 'x-api-key: a1b2c3d4e5f6g7h8i9j0k'Android Example
curl --location 'https://api.example.com/identity/anonymous-token?site=example-site&platform=Android&deviceId=app-unique_id_9012' \
--header 'Accept: application/json, text/plain, */*' \
--header 'x-api-key: a1b2c3d4e5f6g7h8i9j0k'Responses
Successful Response
HTTP Status Code: 200 OK
Response Body:
{
"authorizationToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaXRlIjoicHJvZC1leGFtcGxlIiwic2l0ZUlkIjoiMTIzNDU2Nzg5MCIsInVzZXJJZCI6IjEyMzQ1Njc4OTAiLCJpcGFkZHJlc3NlcyI6IjU0LjE3My4yMDAuMTQ4IiwiaWF0IjoxNjAwNjYxNDc3LCJleHBpcmF0aW9uIjoxNjAwNjY1MDc3fQ.S3krxMZgR7gQ03dZ3Z9Dq8P5gL3t4fD0zC9zQF5p5zM"
}
Error Response
HTTP Status Code: 400 Bad Request
Response Body:
{
"error": "Invalid parameters"
}Common Error Codes
HTTP Status Code | Error Description |
|---|---|
400 Bad Request | Request contains invalid parameters. |
401 Unauthorized | Missing or invalid API key. |
500 Internal Server Error | Unexpected error on the server. |
Important Notes
API Key Security: The x-api-key is specific to each partner and must be kept confidential. Avoid exposing it in client-side code.
Device ID Format: Ensure the deviceId is unique to prevent conflicts. Use a consistent naming convention:
For web: browser-{unique_identifier}
For iOS: app-{unique_identifier}
For Android: app-{unique_identifier}
Token Validity: The authorizationToken is valid for a limited duration. Implement handling for token expiration in your application.
FAQ
What is the purpose of the Anonymous Token API?
What is the purpose of the Anonymous Token API?
Ans: The API allows clients to generate an authorization token for anonymous users, enabling secure interactions without requiring user identification.
How do I authenticate my requests?
How do I authenticate my requests?
Ans: Include the x-api-key header in your requests. This key is specific to your partnership and must be kept confidential.
What parameters are required for the API request?
What parameters are required for the API request?
Ans: Required parameters include:
site: The site identifier (e.g., example-site).
platform: The platform type (e.g., web_browser, iOS, Android).
deviceId: A unique identifier for the device, formatted as browser-{unique_id} for web or app-{unique_id} for mobile.
What should I do if I receive a 400 Bad Request error?
What should I do if I receive a 400 Bad Request error?
Ans: This error indicates invalid parameters. Verify the values for site, platform, and deviceId to ensure they meet the required specifications.
How long is the authorization token valid?
How long is the authorization token valid?
Ans: The token's validity is limited. Implement handling for token expiration within your application.
Can I use this API for mobile devices?
Can I use this API for mobile devices?
Ans: Yes, the API supports mobile devices through the iOS and Android platform values.
What should I do if I encounter a 401 Unauthorized error?
What should I do if I encounter a 401 Unauthorized error?
Ans: This error indicates that the API key is missing or invalid. Double-check that you are including the correct x-api-key in your request headers.
How can I handle the response data?
How can I handle the response data?
Ans: The response includes the authorizationToken, which should be parsed from the JSON response for use in further authenticated requests.
Is there a limit to how many requests I can make?
Is there a limit to how many requests I can make?
Ans: While specific rate limits are not detailed, it is advisable to handle potential throttling and consult your account representative for any applicable limits.
Who can I contact for support or more information?
Who can I contact for support or more information?
Ans: For further questions or assistance, reach out to your API support representative or consult the support resources provided by the API service.
Was this article helpful?