All Collections
Develop
PassKit API
Using Long-Lived API Tokens
Using Long-Lived API Tokens
Jesse Langford avatar
Written by Jesse Langford
Updated over a week ago

WARNING: A Long-Lived Token provides full and permanent API access to your account. It should only be used for integrating legacy systems that not able to consume using our SDKs and are unable to dynamically generate a JWT for each request.

If you are integrating via REST then we strongly recommend you authenticate using a JWT, as per this guide.

There are two ways you can obtain a long-lived API token:

Via the PassKit Portal

  1. Navigate to the program that you want to use

  2. Click on settings

  3. Click on integrations

  4. Click the Long Lived API Token button


  5. Provide your password when prompted


  6. Upon successful authentication, your token will be displayed


Via the API

You can also obtain a token by calling the login endpoint with a special request header.

METHOD: POST

URL: https://api.pub1.passkit.io/login

HEADERS: x-passkit-longlived-token: true

BODY: { "username": "xxx", "password": "xxx" }

RESPONSE: { "token": "xxx" }

Long Lived Tokens are not Json Web Tokens. If you use a standard jwt library or a tool like jwt.io to inspect the token it will fail.

Usage

To use your token, include it in your authorization header with a Bearer prefix to consume the REST API.

Authorization: Bearer token

Related Articles
2 Steps to Call PassKit API from Google App Script
Pass Templates, Locations, Beacons & Links: Filtering, Listing and Counting by API
Setting your project live
PassKit + Iterable - How to update pass records from a webhook
PassKit + Iterable - How to retrieve a pass record in a Data feed
Did this answer your question?