An authorization token is used to call Eyrene from a third-party application. This is the unique ID of the calling application.
- 3rd party backend — backend services of a third-party mobile application.
- 3rd party mobile app — a third-party mobile app on the same device.
- Eyrene mobile app — Eyrene mobile app for Android or iOS devices.
- Eyrene backend — backend services of the Eyrene application.
- Token request. To get a new token via the API, the backend of the third-party mobile application makes a POST request.
- Update token info. When a request to issue a token is received, the Eyrene backend adds a new token so that the Eyrene application can use it.
- Token transfer. The backend Eyrene passes the token to the backend of the third-party mobile application.
- Adding a token. The third-party mobile app backend passes the token to the third-party mobile app over a secure communication channel. Additionally, you need to take measures against access to the token, which will be stored in a third-party mobile application.
- Calling a Deep Link. A third-party mobile app uses the new token to call Eyrene. You can log in to Eyrene app with any of the existing tokens, as well as in offline mode. In the DeepLink API, the token is passed as the DeepLinkConst.Parameters.TOKEN parameter.
Before sending a request for a new token, obtain a master key from the account manager. It is only updated manually.
To get a new token, the backend of the third-party application must make a POST request. The master key must be specified in tin the Authorization header with a value of "Token".
The new access token.
created_at string (date-time)
The date and time the token was created in UTC format. From now on, the token is considered active.
expires_at string (date-time)
The date and time the token expires in UTC format.
To terminate a token before it expires, make a POST request to the Eyrene backend API. The request to endpoint /api/auth/v1.0/revoke_token/ must contain the master key in the header and the access token in the token in the body of the request.
The expiration date of the token is explicitly reported in the response to get_token.
The backend of a third-party mobile application must independently renew the token before the previous one expires.
To authorize in the Eyrene app a third-party mobile app can use any valid token.
We recommend getting a new token in advance, without waiting for the expiration of the previous one. This will allow you to distribute the new token to all installed instances of the third-party mobile app before the old token expires.