Private token API

API consumption for your RMS, the secure way

Get your Private Token API key

Please contact your account manager to get your Private Token API.

You are responsible for keeping the key secure and private.. Never use the Private Token key in Front-end code or pushed in a public repository.

Type of secret Token

You can choose between a Long-lived token to use only from your backend to ask resources to Rezi API. The short live token can be used in the front end directly, but please respect this flow to keep all your service secure.

Long-lived Secret Token

Get resources from the backend only with the secret token. The extended expiration time of the secret token is more vulnerable, it should only be used in a protected environment.

How to get your Long-lived Secret Token

Get your Long-lived token from your Rms Admin Dashboard. You can revoke it from your dashboard.

Short-lived Token

Use a short-lived token to increase security. Valid for 15 minutes, /accessToken API returns the access_token and the expiration time. You can build on your side a refresh system to keep a fresh token or wait until you receive a 401 error code "Jwt verification fails" to refresh it.

Get an access token by following the step.

1/ Visit your RMS admin page by login with an admin account

Use the query admin-access to access the login page and bypass automatic user redirection.

-> app.your-rms.com/login?admin-access=true

2/ Visit the Open API tab in the RMS admin section

3/ Create a Long-lived private token API access by clicking Create Secret key

You can use Create Test Secret key to separate your test from production

4/ Call accessToken API

Call with the Long-lived token from your backend to receive a short-lived token API (15-minute expiration time) that can be used directly from your client's front end.

Client requests an access token

GET https://open-api.rezi.ai/v1/accessToken

Request a short-lived access token to share with front-end

Headers

Name	Type	Description
Authentication*	String	"Bearer PRIVATE_TOKEN_API_KEY" Authentication token to secure and track down your usage. Use this specific format with your Private API key.

200: OK return short-lived access token

{
    "code": 200,
    "message": "success",
    "token":
"eyJ0eXAiOiAiSldUIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiYjYzZmRkMDA0YzQ3MmE0NmM3ODFlNzZmZmZmYTI2ODA4YjcyM2RhNCJ9.eyJpYXQiOiAxNjYxNzUyMzYxLCAiZXhwIjogMTAwMDAwMDAwMDAsICJpc3MiOiAib3Blbi1hcGktand0LWtleUByZXppLTNmMjY4LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwgImF1ZCI6ICJ2MS0zOHRpN3V0eW1nZXg2LmFwaWdhdGV3YXkucmV6aS0zZjI2OC5jbG91ZC5nb29nIiwgInN1YiI6ICJvcGVuLWFwaS1qd3Qta2V5QHJlemktM2YyNjguaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCAiZW1haWwiOiAib3Blbi1hcGktand0LWtleUByZXppLTNmMjY4LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwgInJtcyI6ICJyZXN1bWFpIn0.0In0SaEwvUu1sCSlVsREuSSY7UVd0MkstvqMsjTwQowbZjJgGoZVQjM4eJScKhOCZfnFwnYu6vFOkHo1PjeGKKdZ00W9R-AnyYLryEyijIrLgUUT1wuhaz1QJ-F6lG_D2nraWyb8QHIZKSIJZy8so0IWSYi04tyJvZj0lIJ0zSBAoP8W841HlqvN-u8P7HRWdcH5PSrUOhB27IL6XRez_tbxEU3aIv64HGasfgx9gBTfgK1tAmrIQu6EtG4X6BQOnmsBeidGwJSBttXNjf6uLKpFv1E5J4Gw3utclVklxuPC0vSKCwVQHro6rbzZ77wd8_ti77ODFP7H1qjlpUuutQ",
    "expired": 1661755961
}

500: Internal Server Error

{
    // Response
}

401: Unauthorized Long-lived token not authorized or expired

{
    "code": 401,
    "message": "Jwt verification fails (02)"
}