Authentication
To call any endpoint in the EdWard API, you must authenticate your requests to ensure secure and authorized access. There are two key elements required for authentication:
- X-TENANCY Header
- Authentication Token (X-APPLICATION-KEY or JWT)
1. X-TENANCY Header
The X-TENANCY header is used to specify which tenancy you are connecting to. Imminently will provide you with your tenancy ID during onboarding. This value is required in every API request to correctly associate your calls with the correct tenancy.
2. Authentication Token
You need to provide one of the following headers, depending on your integration method:
a) X-APPLICATION-KEY (For System-to-System Integration)
The X-APPLICATION-KEY is a unique key provided to you during onboarding. This key is used for system-to-system integrations, where no user context is involved.
b) JWT Bearer Token (For User-based Authentication)
If the call is being made on behalf of a user, you must provide a JWT (JSON Web Token) bearer token. The token should come from your configured identity solution, such as Azure EntraID B2C. This token must be included in the Authorization header.
Token Validation
Each service will verify the JWT token with every request. You must ensure that the token is valid at all times. If the token expires or is invalid, the request will be rejected. Ensure your application handles token renewal and validation appropriately.
Once you have obtained your X-TENANCY and authentication method (either X-APPLICATION-KEY or JWT token), include them in the header of your API requests to ensure authorized access to the EdWard system.