Skip to main content

Generating an authorization token

General

This method allows you to generate a JWE token using a private key obtained in RuStore Console. The method also checks the app owner’s activities.

tip

A private key is required to successfully complete the request.

Interaction parameters

POST /public/auth/

warning

From July 30 onward, the companyId parameter for authorization will be deprecated. Use keyId to obtain your authorization token.

AttributeTypeRequiredLocationDescriptionExample
companyIdstringYes, if keyId is not specifiedbodyCompany id. This parameter will be unavailable from July 30, 2024.123
keyIdstringYes, if companyId is not specifiedbodyKey id123
timestampstringYesbodyResponse time delay should not exceed 60 seconds compared to the current server time.2022-07-08T13:24:41.8328711+03:00
signaturestringYesbodyRSA-signature SHA-512 hash in a line that contains companyId and timestamp of a response.
Signature layout and verification algorithm: SHA512withRSA.

Example:
companyId: 123
timestamp: 2022-07-08T13:24:41.8328711+03:00
• String for hash: 1232022-07-08T13:24:41.8328711+03:00
SHA-512 hash: 0976c61...033235
N/A
note

If you have problems understanding the signature parameter algorithm, use keyId instead of companyId to generate this parameter.

You need to pass the company id and the resulting private key. In response, you will receive a body for the POST request /public/auth/ with companyId, timestamp and signature parameters.

.jar-file for companyId;

.jar-file for keyId.

You need to pass the company id and the resulting private key. In response, you will receive a body for POST /public/auth/with companyId/keyId, timestamp and signature..

tip

The generated signature parameter is valid for 1 minute, since it directly depends on the timestamp.

Response example

AttributeTypeRequiredDescriptionExample
codestringYesResponse codeerror/OK
messagestringNoError responseRange timestamp not valid
body{}objectYesN/AN/A
timestamptimestamptzYesResponse time2022-07-08T13:24:41.8328711+03:00

body

AttributeTypeRequiredDescriptionExample
jwestringYesSecurity token to API RuStore (payload is below). Re-usableeyJjdHkiOiJK…sv16aBl8tTg.VkWuTw
ttlintYesToken validity period, sec By default, the token validity periods are set to 900 seconds900

Possible errors

codemessageDescriptionPossible errors
400Range timestamp not validThe timestamp parameter differs by more than 60 secondsUpdate timestamp and signature
404Company key not foundThe private key was not found for the transmitted companyIdCheck whether a private key has been created for this companyId and whether it is up to date
400Company key disabledThe private key for the transferred companyId has been deletedCheck whether a private key has been created for this companyId and whether it is up to date
400Signature encode errorThe signature parameter was generated incorrectlyRegenerate the signature parameter
404You cannot use this action because the company is not foundThe company that corresponds to the passed companyId is missing or inactiveCheck the companyId parameter to ensure it is up to date
400You can't use this action because the company is bannedThe company with the transferred companyId is blockedCheck the companyId parameter to ensure it is up to date
400KeyId or companyId must be not nullCheck keyId or companyId to ensure one of them is up to dateCheck keyId or companyId parameter to make sure that one of them is specified.
400Incorrect usage of companyId. Please use keyIdYou have more than one private key created, you must use the keyId parameter.Use the keyId parameter.

Request example

curl --location 'https://public-api.rustore.ru/public/auth' \
--header 'Content-Type: application/json' \
--data '{
"companyId":"1275328",
"timestamp":"2023-08-11T13:31:17.580+03:00",
"signature":"U4kh.......nFkbuw=="
}

Successful response

{
"code": "OK",
"message": null,
"body": {
"jwe": "eyJlbmMiOiJBM......nuuM227D_O1A",
"ttl": 900
},
"timestamp": "2023-08-11T13:31:33.171847393+03:00"
}