Authentication
JWT
ProSpend OpenAPI secures API endpoints using JSON Web Tokens (JWT) and Bearer Authorization. All requests must be made securely over HTTPS, with the token included in the HTTP Authorization header of each request. NOTE: Never transmit the JWT over HTTP.
Lifecycle Management
For Beta Authentication, users will be issued an OpenAPI Access JWT directly by ProSpend. In Production, clients will be able to issue and revoke their own tokens, as well as define specific Scopes and Permissions for individual tokens. This will be done directly from the ProSpend platform by SuperAdmin users.
Bearer Authorization
The JWT should be included in the Authorization header when making requests to the ProSpend OpenAPI endpoint. Use the Bearer scheme in the Authorization header to present the JWT and validate the request's authenticity.
Example - Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzd…
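A client-side sketch of the rules above, added here as an example and not taken from ProSpend's own code: it attaches the JWT with the Bearer scheme, refuses any non-HTTPS URL, and stops a redirect from carrying the token to plain HTTP or to another host. The base URL and the PROSPEND_JWT environment variable name are assumptions, since the page gives neither.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed placeholder: the page does not state the API base URL.
API_BASE = "https://api.example.invalid"


class InsecureTransportError(ValueError):
    """Raised instead of sending the JWT over anything but HTTPS."""


def require_https(url):
    """Return the parsed URL, or raise if the scheme is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise InsecureTransportError(f"refusing to send JWT to {url!r}")
    return parts


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Keep the JWT on HTTPS and on the original host across redirects."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = require_https(newurl)  # blocks an https -> http downgrade
        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new_req is not None and new.hostname != urlsplit(req.full_url).hostname:
            # Cross-host redirect: drop the credential rather than forward it.
            new_req.remove_header("Authorization")
        return new_req


def build_request(path, token, base=API_BASE):
    """Build a request carrying the JWT in the Bearer scheme, HTTPS only."""
    url = base.rstrip("/") + "/" + path.lstrip("/")
    require_https(url)
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("JWT is empty or contains whitespace")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def call_api(path, token=None):
    """Send the request; PROSPEND_JWT is an assumed environment variable name."""
    token = token or os.environ["PROSPEND_JWT"]
    opener = urllib.request.build_opener(HttpsOnlyRedirects)
    with opener.open(build_request(path, token), timeout=10) as resp:
        return resp.status, resp.read()
```

Reading the token from the environment keeps it out of source control and shell history.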