Authentication
JWT
ProSpend OpenAPI secures API endpoints using JSON Web Tokens (JWT) with Bearer Authorization. All requests must be made over HTTPS, with the token included in the HTTP Authorization header of each request. NOTE: Never transmit the JWT over plain HTTP.
Lifecycle Management
For Beta Authentication, Admin users can issue and revoke their own tokens directly from the ProSpend platform. You cannot set specific Scopes and Permissions for individual tokens at this stage.
Bearer Authorization
The JWT should be included in the Authorization header when making requests to the ProSpend OpenAPI endpoint. Use the Bearer scheme in the Authorization header to present the JWT and validate the request's authenticity.
Example - Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzd…
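As an added example (not ProSpend's own code), a small Python client helper that attaches the token with the Bearer scheme, refuses to send it over anything but HTTPS, and reads the token's expiry claim so you know when to generate a replacement before the default 2-year validity runs out. The host name, the claim names (`exp`, `iss`) and the sample token are assumptions constructed for the demonstration; the signature is not verified client-side, only the ProSpend server can do that.

```python
import base64
import json
import time
from urllib.parse import urlparse


def build_auth_headers(token: str, url: str) -> dict:
    """Headers for a ProSpend OpenAPI call. Refuses any non-HTTPS URL so the
    bearer token can never be sent in clear text."""
    if urlparse(url).scheme != "https":
        raise ValueError("refusing to send the JWT over a non-HTTPS URL")
    return {"Authorization": f"Bearer {token}"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> dict:
    """Decode the payload of a JWT WITHOUT verifying the signature. The client
    cannot verify it (no key); this is used only to read 'exp' for rotation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url_decode(parts[1]))


def seconds_until_expiry(token: str, now=None) -> int:
    """Seconds until the token's 'exp' claim; negative once it has expired."""
    exp = jwt_payload(token)["exp"]
    return int(exp - (time.time() if now is None else now))


def make_constructed_token(exp: int) -> str:
    """Constructed sample token for offline demonstration (NOT a real ProSpend
    token): valid compact structure with a fake signature segment."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "HS256", "typ": "JWT"})
    payload = enc({"iss": "prospend-sample", "exp": exp})  # assumed claim names
    return f"{header}.{payload}.fakesignature"


if __name__ == "__main__":
    tok = make_constructed_token(int(time.time()) + 2 * 365 * 86400)  # 2-year default
    print(build_auth_headers(tok, "https://example.prospend.com/api"))
    print("days until expiry:", seconds_until_expiry(tok) // 86400)
```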
Issuing and Revoking Tokens
To generate tokens for your ProSpend site, follow these steps:
- Go to your ProSpend site - https://[your site name].prospend.com/
- Log in with a user that has admin access.
- Switch to admin role.
- Click on API Tokens under Setup.
- Click on New Token.
- Copy the generated token and use it for authentication purposes.
- Tokens are valid for 2 years by default. You cannot set a custom period at the moment.
- You can also revoke tokens and generate new ones at any point.