JWT and token signing

Zlick requires a JWT (JSON Web Token) as one of the function inputs so that the source of each request can be verified. More information about web tokens can be found at jwt.io.

JWTs are signed with the client secret provided to you by the Zlick team. You must sign the token with this secret using the 'HS256' algorithm.

Important Note:

JWT signing must only be done on your server. Never expose your client secret to the frontend.

JWT header

The header of the web token must be:

{
  "alg": "HS256",
  "typ": "JWT"
}

There are 2 types of payload supported:

Standard Payloads

Purchase Payload

Properties:

Example:

{
  apiClientToken: 'xxxxxxxxxxxxxx',
  product: {
    amount: 150,
    productId: '123'
  }
}

Subscription Payload

Properties:

Example:

{
  apiClientToken: 'xxxxxxxxxxxxxx',
  productName: '123'
}
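
Server-side signing of the purchase payload with the required header, as an added example (not Zlick's own code) using only Node's built-in crypto module. The function names, the sample secret and the verify step are assumptions for illustration; verifyZlickToken shows the kind of check an HS256 recipient performs, not Zlick's implementation.

```javascript
// Added example: server-side HS256 signing with Node's built-in crypto module.
const { createHmac, timingSafeEqual } = require("node:crypto");

// base64url without padding, as JWT requires (RFC 7515).
const b64url = (input) => Buffer.from(input).toString("base64url");

// HMAC-SHA256 over the signing input, returned as raw bytes.
const hmac = (signingInput, secret) =>
  createHmac("sha256", secret).update(signingInput).digest();

// Build header.payload.signature using the fixed header the page requires.
function signZlickToken(payload, clientSecret) {
  if (!clientSecret) throw new Error("client secret is not configured");
  const header = { alg: "HS256", typ: "JWT" };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, clientSecret).toString("base64url")}`;
}

// Verify a token: pin the algorithm to HS256 and compare in constant time.
// Returns the payload object, or null if the token is not valid.
function verifyZlickToken(token, clientSecret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    if (header.alg !== "HS256") return null; // reject "none" and other algorithms
    const expected = hmac(`${h}.${p}`, clientSecret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample values; in production read the secret from server-side
// configuration (e.g. an environment variable) and never ship it to the browser.
const SAMPLE_SECRET = "constructed-sample-secret";
const purchasePayload = {
  apiClientToken: "xxxxxxxxxxxxxx",
  product: { amount: 150, productId: "123" },
};
const sampleToken = signZlickToken(purchasePayload, SAMPLE_SECRET);
```

Only the resulting token string should be handed to the frontend; the secret stays in the server process.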