JWT and token signing
Zlick requires a JWT as one of the function inputs. This lets Zlick verify the source of requests. More information about web tokens can be found at jwt.io.
JWTs are signed with the client secret provided to you by the Zlick team. You must sign this token with the secret using the 'HS256' algorithm.
Important Note:
JWT signing must only be done on your server, and you should never expose your client secret to the frontend.
JWT header
The header of the web token must be:
{
  "alg": "HS256",
  "typ": "JWT"
}
There are 2 types of payload supported:
Standard Payloads
Purchase Payload
Properties:
- apiClientToken (string): Your client token provided to you by the Zlick team
- product (object):
  - amount (number): Amount in minor currency units (cents, pennies, etc.). The currency is fixed for a client account
  - productId (string): Your product ID
Example:
{
  apiClientToken: 'xxxxxxxxxxxxxx',
  product: {
    amount: 150,
    productId: '123'
  }
}
Subscription Payload
Properties:
- apiClientToken (string): Your client token provided to you by the Zlick team
- productName (string): Subscription product name. Defined when creating a client account with Zlick. Subscription details are stored inside Zlick's database and must be pre-defined after client account creation.
Example:
{
  apiClientToken: 'xxxxxxxxxxxxxx',
  productName: '123'
}
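Server-side signing of either payload with HS256, plus the matching signature check, as an added example that is not Zlick's own code. It uses only Node's built-in crypto module; the helper names signZlickToken and verifyZlickToken, the ZLICK_CLIENT_SECRET variable name and the fallback secret are assumptions made for illustration.

```javascript
// Added example (not Zlick's code): HS256 JWT signing, run on the server only.
const crypto = require('crypto');

// base64url without padding, as the JWT format requires.
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Hypothetical helper: returns header.payload.signature for a Zlick payload.
function signZlickToken(payload, clientSecret) {
  const header = { alg: 'HS256', typ: 'JWT' }; // header required by this page
  const signingInput =
    b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', clientSecret)
    .update(signingInput).digest();
  return signingInput + '.' + b64url(sig);
}

// Hypothetical helper: recomputes the HMAC and compares it in constant time.
// Returns the payload if the signature is valid, otherwise null.
function verifyZlickToken(token, clientSecret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64').toString('utf8'));
    // Pin the algorithm; never trust the token to choose it.
    if (!header || header.alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', clientSecret)
      .update(h + '.' + p).digest();
    const given = Buffer.from(s, 'base64'); // also accepts the url-safe alphabet
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(p, 'base64').toString('utf8'));
  } catch {
    return null; // malformed header or payload
  }
}

// Constructed sample values; the real secret stays in server-side configuration.
const secret = process.env.ZLICK_CLIENT_SECRET || 'constructed-demo-secret';
const purchase = {
  apiClientToken: 'xxxxxxxxxxxxxx',
  product: { amount: 150, productId: '123' }
};
console.log(signZlickToken(purchase, secret));
```

Because the signature covers the encoded payload, changing amount or productId after signing makes verification fail unless the client secret is known.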