JWT Tokens

Authenticate API requests by generating a short‑lived JSON Web Token signed with your API key.

When to use

Use JWTs when you don't want to expose your API key to the caller (e.g. from a browser or an untrusted runtime). Generate tokens server‑side and forward them to clients.

Token payload

Generate a signed JWT with payload {"client_id": WB_CLIENT_ID, "iat": CURRENT_UNIX_TIMESTAMP} using HS256 and your WB_API_KEY as the secret.

Make authenticated requests

Send HTTP Basic auth with username WB_CLIENT_ID and password set to the signed token.

Python

import osimport os

import timeimport time

import jwtimport jwt

import requestsimport requests

def wb_get_request(url):def wb_get_request(url):

client_id = os.environ['WB_CLIENT_ID'] client_id = os.environ['WB_CLIENT_ID']

api_key = os.environ['WB_API_KEY'] api_key = os.environ['WB_API_KEY']

token = jwt.encode({ token = jwt.encode({

'client_id': client_id, 'client_id': client_id,

'iat': int(time.time()), 'iat': int(time.time()),

}, api_key, algorithm='HS256') }, api_key, algorithm='HS256')

response = requests.get(url, auth=(client_id, token)) response = requests.get(url, auth=(client_id, token))

response.raise_for_status() response.raise_for_status()

return response return response

Ruby

require 'http'require 'http'

require 'jwt'require 'jwt'

def wb_get_request(url)def wb_get_request(url)

client_id = ENV['WB_CLIENT_ID'] client_id = ENV['WB_CLIENT_ID']

api_key = ENV['WB_API_KEY'] api_key = ENV['WB_API_KEY']

token = JWT.encode({ client_id: client_id, iat: Time.now.to_i }, api_key) token = JWT.encode({ client_id: client_id, iat: Time.now.to_i }, api_key)

HTTP.basic_auth(user: client_id, pass: token).get(url) HTTP.basic_auth(user: client_id, pass: token).get(url)

endend