Token Authentication

JWT Token Caching Implementation

Implementing a caching strategy for JWT tokens can be a valuable approach to improving performance and reducing network traffic in systems that rely on token-based authentication. By temporarily caching access tokens, clients can avoid the need to request new tokens for every API call, as long as the tokens remain valid.

To ensure the security of cached tokens, it is crucial to follow best practices. First, JWT tokens must be securely stored on the partner's side, preventing unauthorized access to resources. Additionally, the credentials and certificates used to obtain the tokens should be properly safeguarded.

When choosing between local and shared (distributed) caching, consider the system's specific requirements, including security, scalability, and consistency. Local caching offers fast access, but it is volatile and is lost when the process or system restarts. Distributed caching is better suited to distributed environments, keeping tokens consistent and available across every node of the system.

In configuring a distributed caching system, it's critical to implement robust security measures to protect cached authorization tokens. This includes encrypting data both at rest and in transit, as well as monitoring for suspicious activity.

Additionally, an automated token renewal mechanism must be implemented to ensure tokens are refreshed before they expire. This can be achieved through automatic reauthentication when a token is nearing expiration.

To address concurrency issues when accessing and updating authorization tokens in a distributed cache, it is recommended to implement concurrency control mechanisms such as locks, mutexes, atomic transactions, or version control. These mechanisms ensure data consistency within the cache and prevent issues like race conditions and data inconsistencies.


Access Token Request

Please ensure that the MTLS certificate is configured before proceeding.

Once you have obtained an access token, use it to authenticate API calls for the validity period given in the "expires_at" field of the response (at most 5 minutes).

Token Request

curl --location 'https://pix.treeal.com/oauth/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'client_id=<your_client_id>' \
    --data-urlencode 'client_secret=<your_client_secret>' \
    --data-urlencode 'grant_type=client_credentials'

Token Response

{
  "access_token": "eyJhbGciOi…",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 1680810673,
  "scope": "profile email qrcodes"
}
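As an added illustration of the caching, early-renewal and concurrency-control points made above (example code, not Treeal's own client): a small in-process cache that consumes a parsed token response like the one shown, treats the token as stale a safety margin before its `expires_in` lifetime elapses, and lets only one thread call the token endpoint while concurrent callers wait and reuse the result. The `fetch_token` callable, the `margin` default and the `concurrent_get` helper are assumptions; in a real client `fetch_token` would perform the client_credentials request shown above.

```python
import threading
import time
from typing import Callable, Dict, List, Optional


class TokenCache:
    """Caches one access token and renews it shortly before it expires.
    fetch_token performs the client_credentials request and returns the parsed
    JSON response (it must contain "access_token" and "expires_in")."""

    def __init__(self, fetch_token: Callable[[], Dict], margin: float = 30.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._fetch = fetch_token
        self._margin = margin                # renew this many seconds before expiry
        self._clock = clock                  # monotonic time source, injectable for tests
        self._lock = threading.Lock()        # concurrency control for the cache entry
        self._token: Optional[str] = None
        self._stale_at = 0.0                 # clock value after which the token is not reused
        self.refresh_count = 0               # requests actually sent to the token endpoint

    def _is_fresh(self) -> bool:
        return self._token is not None and self._clock() < self._stale_at

    def get(self) -> str:
        # Fast path: reuse the cached token without locking while it is fresh.
        if self._is_fresh():
            return self._token
        with self._lock:
            # Re-check under the lock: another thread may already have renewed,
            # so at most one request reaches the token endpoint per expiry.
            if not self._is_fresh():
                resp = self._fetch()
                ttl = float(resp["expires_in"])   # 300 in the sample response above
                self._token = resp["access_token"]
                # Stale `margin` seconds early, but never before half of the lifetime.
                self._stale_at = self._clock() + ttl - min(self._margin, ttl / 2)
                self.refresh_count += 1
            return self._token


def concurrent_get(cache: TokenCache, workers: int) -> List[str]:
    """Call cache.get() from several threads at once and return the tokens obtained."""
    results: List[str] = []
    threads = [threading.Thread(target=lambda: results.append(cache.get()))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

With the sample response's `expires_in` of 300 and the default 30-second margin, a token fetched at t=0 is handed out until t=270 and then replaced, so no caller ever receives a token with less than 30 seconds of validity left.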