Authentication

Basic access authorization

Basic Access Authentication authenticates an application. It can be used by applications that keep the secret on the server side. The secret should never be exposed to the public. Do not use Basic Authorization if your frontend/client-side application communicates directly with the Shopping Service API.

Our system defines a set of permissions for your application based on its purpose.

Include the following request header in your Shopping Service API calls:

Authorization: Basic <app>:<secret>

To obtain credentials for your application, please contact your Client Success Manager.

Bearer token

A bearer token can be used safely in frontend applications that communicate directly with the Shopping Service API. Applications using this token will have limited privileges in our system. We use a JSON Web Token (JWT) as the bearer token. This token is created and signed by Paylogic.

Our system defines a minimal set of permissions for your application that allows retrieving all required information to display event and product details, creating orders for this event, and retrieving details of these orders.

Include the following request header in your Shopping Service API calls:

Authorization: Bearer <jwt token>

To obtain a JWT token for your application, please contact your Client Success Manager.

Cognito token

A Cognito token represents a logged-in user. It allows access to all orders created by the user that the access token represents. You can acquire this token by authenticating a user in the Auth Service.

Include the following request header in your Shopping Service API calls:

Cognito-Token: <cognito access token>

Personalization request token

A Personalization request token allows you to personalize one or more tickets and to manage the Personalization request itself. You can obtain this token by creating a personalization request or by receiving a personalization request by email. This token is included in emails sent to a user to claim a ticket.

Include the following request header in your Shopping Service API calls:

Personalization-Request-Token: <personalization request token>

Order token

An Order token allows access to an order and its tickets. This token cannot currently be obtained using the Shopping Service API. It is included in emails sent to the user to view or manage an order.

Include the following request header in your Shopping Service API calls:

Order-Token: <order token>
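The following is an added example, not part of the Shopping Service API or its documentation. It shows one way a client wrapper can enforce the rule that Basic credentials stay server-side and keep the credential headers listed on this page out of request logs. The function names, the "browser"/"server" context labels and the sample values are assumptions made for illustration.

```javascript
// Added example. Header names are taken from this page; everything else is hypothetical.
const CREDENTIAL_HEADERS = [
  "authorization",
  "cognito-token",
  "personalization-request-token",
  "order-token",
];

// Returns the lowercased scheme of an Authorization value ("basic", "bearer"),
// or null when the value is not of the form "<scheme> <credentials>".
function authScheme(value) {
  const m = /^\s*([A-Za-z][A-Za-z0-9_-]*)\s+\S/.exec(String(value));
  return m ? m[1].toLowerCase() : null;
}

// Throws when headers about to be sent from a browser carry the application
// secret (Basic scheme). Server-side callers may use any scheme on this page.
function assertSafeForContext(headers, context) {
  if (context !== "browser" && context !== "server") {
    throw new TypeError("context must be 'browser' or 'server'");
  }
  for (const [name, value] of Object.entries(headers)) {
    const isAuth = name.toLowerCase() === "authorization";
    if (isAuth && context === "browser" && authScheme(value) === "basic") {
      throw new Error("Basic credentials must stay server-side; use a bearer token");
    }
  }
  return true;
}

// Returns a copy of the headers that is safe to log: every credential value is
// replaced, and only the Authorization scheme is kept to help debugging.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!CREDENTIAL_HEADERS.includes(lower)) {
      out[name] = value;
      continue;
    }
    const scheme = lower === "authorization" ? authScheme(value) : null;
    out[name] = scheme ? `${scheme} [REDACTED]` : "[REDACTED]";
  }
  return out;
}
```

Call `assertSafeForContext` immediately before sending a request, and pass headers through `redactHeaders` before they reach any logger or error reporter.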