authentication/login (GET)

SPF-API endpoints use a JWT token for authentication and authorization. An authentication endpoint is available that will accept your product API Key or Hash and provide a valid JWT token.

To request a new JWT access token, make an HTTP GET request to the URL below, setting the api-key header to the API Key or Hash provided by Symmetry.

Authentication URL

curl --location --request GET '' \
--header 'Accept: application/json' \
--header 'api-key: y0urAPI-KeyG0esH3re'

Authentication Login Response

A successful authentication endpoint response will contain a json object with an access token that can be used for API requests.

  "accessToken" : "yoUrTokEnISh3re!"

An invalid API key will produce the following response.

    "status": "Unauthorized",
    "statusCode": 401,
    "reason": "Api key is invalid and/or expired"


Token Expiration

Important note: JWT tokens are valid for 24 hours. Once expired, you will receive the following response from the SPF-API endpoints and must request a new token.

Unauthorized Response

Below is a sample SPF-API endpoint response when an invalid, expired, or empty JWT token is provided.

{ "message" : "Unauthorized" }

JSON Web Token (JWT) Usage

The encrypted JWT token is to be included in each request to the SPF-API as a Bearer token in the Authorization header with the following formatting:

Authorization: Bearer  eyJhbGciOiJSU0EtT0FF...

curl --location --request GET '' \
--header 'Accept: application/pdf' \
--header 'Authorization: Bearer yoUrTokEnG0esH3re!

Jump to top