JWT Tokens

Authenticate API requests by generating a short‑lived JSON Web Token signed with your API key.

When to use

Use JWTs when you don't want to expose your API key to the caller (e.g. from a browser or an untrusted runtime). Generate tokens server‑side and forward them to clients.

Token payload

Generate a signed JWT with payload {"iat": CURRENT_UNIX_TIMESTAMP} using HS256 and your WB_API_KEY as the secret.

Make authenticated requests

Send the signed token as a Bearer token in the Authorization header.

Python

import osimport os

import timeimport time

import jwtimport jwt

import requestsimport requests

def wb_get_request(url):def wb_get_request(url):

api_key = os.environ['WB_API_KEY'] api_key = os.environ['WB_API_KEY']

token = jwt.encode({ token = jwt.encode({

'iat': int(time.time()), 'iat': int(time.time()),

}, api_key, algorithm='HS256') }, api_key, algorithm='HS256')

response = requests.get(url, headers={'Authorization': f'Bearer {token}'}) response = requests.get(url, headers={'Authorization': f'Bearer {token}'})

response.raise_for_status() response.raise_for_status()

return response return response

Ruby

require 'http'require 'http'

require 'jwt'require 'jwt'

def wb_get_request(url)def wb_get_request(url)

api_key = ENV['WB_API_KEY'] api_key = ENV['WB_API_KEY']

token = JWT.encode({ iat: Time.now.to_i }, api_key) token = JWT.encode({ iat: Time.now.to_i }, api_key)

HTTP.auth("Bearer #{token}").get(url) HTTP.auth("Bearer #{token}").get(url)

endend