Authentication

How to authenticate?

Arianee uses JSON Web Token (JWT) bearer for authentication. To get a valid JWT, you need the below parameters:

  • ID (ID, id or sub): a unique ID representing a user. It is recommended to be a random string to comply with personal data laws.

⚠️

  • The value of this ID is alphanumeric.
  • It should not be a personal data as an email, or hash of an email.
  • Expiration time (exp): a timestamp defining when the JWT expires. The format must be an integer in seconds. It represents the number of seconds since the epoch (RFC 7519).

The JWT must be signed by the brand's RSA private key using the RSA256 algorithm.

πŸ“Œ

  • A JWT with the same ID and signed by a brand corresponds to a unique wallet on Arianee Client Account. If another brand signs a JWT with the same ID, it corresponds to another wallet. Your brand is the only authority allowed to auth its customers.
  • On the Arianee Client Account backend, your brand's public key is stored to let the you interact with Arianee API. Your customers are allowed to interact with our API with valid JWT signed by your brand.

Prod environment - Mainnet: Your brand must generate a private key and send to our team the corresponding public key, decode using RSA256.

  • Your private key is confidential and stored securely on the brand side.
  • On the Arianee Wallet as a Service backend, the brand public key is stored to let users interact with the Arianee API.

Test environment - Testnet: Please contact your project manager to get a set for public key / private key that you can test with.

Example:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJJRCI6ImF1bmlxdWVJRCIsImV4cCI6MTI0Mzk5MzQwf
Q.s88rCnpgwp_DXOSl_6us3qAGjSl_CMpxIfxdzsGdAfHlp9WD87EhmRj34zXV33xMo4LT9gh4UF4ped6
...
{
  "alg": "RS256",
  "typ": "JWT"
}
{
  "ID": "ce9eb91e-8044-4ac0-a05b-ae0bcedsade5",
  "iat": 1661222856,
  "exp": 37662614356
}

How to sign a JSON Web Token?

A user allowed to interact with our API is a valid JWT signed by your brand.

⚠️

The private key of the JWT is the root element to manage user wallets. It should not be compromised and must be stored in a very secure way inside your code with Secret manager, vault.
If compromised, contact us immediately to revoke the private key.

Step 1. To sign a JWT you need a pair of private key/public keys. Generate them using this command for example:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

Step 2. Install the library.

npm install jsonwebtoken

Step 3. Sign your JWT.

var jwt = require('jsonwebtoken');
var privateKey = fs.readFileSync('private.pem');
var token = jwt.sign({ ID: 'auniqueID', exp:124399340 }, privateKey, { algorithm: 'RS256'});

Ressources