BRP API

Authorization

Emulate API supports authorization with a JSON Web Token signed with a public/private key pair. The body of the token contains the BRP's ID provided by Emulate.

When you create a token, you can choose its expiration period according to your preferences. You may choose a long expiration period or set it to a short time to implement a policy of regular token changes.

Emulate API uses RS256 as the signing algorithm. To sign the JWT, you can either use a public/private key pair generated by any third-party tool of your choice or generate a key pair in the Emulate portal.

After generating your JSON Web Token, you can use it in the Authorization header of HTTP requests to the Emulate BRP API.

Key generation

To obtain a public/private key pair to sign a JWT, contact your Emulate customer representative.

Signing of The JSON Web Token

Use your private key to sign the JSON Web Token and make sure you select the RS256 algorithm. The example below shows the JWT signature in Node.js, where the private key is passed as the key variable and the Emulate BRP ID - as the brpId variable:

npm install jsonwebtoken

const jwt = require("jsonwebtoken");

// Please replace with the real one

const brpId = 42;

const privateKey = "<some key>";

let token = jwt.sign({ aud: "https://api.emulate.network/", brp: brpId }, privateKey, {

algorithm: "RS256",

});

The aud parameter must always be set to the same value: https://api.emulate.network/, regardless of the Emulate environment you are using.

What to read next

→

For a full description of requests, responses, and parameters, see the BRP API Reference . To download the complete API Reference, navigate to the BRP API Reference . page and click Download OpenAPI spec.