WARNING: A Long-Lived Token provides full and permanent API access to your account. It should only be used for integrating legacy systems that not able to consume using our SDKs and are unable to dynamically generate a JWT for each request.

If you are integrating via REST then we strongly recommend you authenticate using a JWT, as per this guide.

There are two ways you can obtain a long-lived API token:

Via the PassKit Portal

  1. Navigate to the program that you want to use

  2. Click on settings

  3. Click on integrations

  4. Click the Long Lived API Token button


  5. Provide your password when prompted


  6. Upon successful authentication, your token will be displayed


Via the API

You can also obtain a token by calling the login endpoint with a special request header.

METHOD: POST

URL: https://api.pub1.passkit.io/login

HEADERS: x-passkit-longlived-token: true

BODY: { "username": "xxx", "password": "xxx" }

RESPONSE: { "token": "xxx" }

Long Lived Tokens are not Json Web Tokens. If you use a standard jwt library or a tool like jwt.io to inspect the token it will fail.

Usage

To use your token, include it in your authorization header with a Bearer prefix to consume the REST API.

Authorization: Bearer token

Did this answer your question?