...
- Header
  - typ: The type of the token, which is JWT
  - alg: The hashing algorithm used, which is HS256
- Payload: contains the claims, which are statements about the user and additional metadata
  - jti: The ID of the user session as generated by CRM.COM
  - usr: The username of the logged-in user
  - org: The name of the organization that the user logged in to
  - oun: The name of the unit that the user logged in to
  - exp: The expiration time on or after which the JWT becomes invalid and should not be accepted for processing
  - iat: The time at which the JWT was issued
  - cii: The contact information identifier (applicable only when authenticating with Consumer Application Keys)
  - acr: The accounts receivable identifier (applicable only when authenticating with Consumer Application Keys)
- Signature: used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way. The signature is created by encoding the header and payload and signing them using a secret and the HS256 algorithm
...
Note that the JWT values are case sensitive. Also, the exp and iat claims are defined as numeric dates. A numeric date is a JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. There are online tools that you can use to check and validate the JWT, such as the JWT Debugger, and to calculate and validate numeric dates, such as the Epoch Converter.
...
```json
{
  "data": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjaWkiOiIyNjk1RkVEM0ZDRkQ0MDg0QUIzOUY0NEIxODg4OTEyMyIsInVzciI6Im1heXRlbXBsYXRlIiwib3JnIjoicHNfZGV2IiwiYXJpIjoiMjYxQkYyQjc5MTk4NDAxRDg5QTc5QzU0NUYxNkNCRUMiLCJvdW4iOiIxIiwiZXhwIjoiMTUxODEwNDg2NCIsImlhdCI6IjE1MTgwOTc2NjQiLCJqdGkiOiJGNTg2QjI4ODA0OEE0MTAwQjc0OUU2MkY0N0RGQzg0NCJ9.yvRGqFy7dL2H6RcqXOJQtD3zBoWHUDpoRN9Ma6hKfpg"
  },
  "status": {
    "code": "OK",
    "description": "",
    "message": ""
  }
}
```
Consumer Application Web API Methods Exceptional Behavior
Authenticating using this method provides the ability to retrieve only data that is owned by the Accounts Receivable identified through the specified Access Token. As a result, some Web API Methods that require or retrieve another customer's information (Accounts Receivable/Contact Information) will not work properly.
...