Authentication & Access
The Cycle API supports multiple methods for request authorisation. However, only BASIC authorisation is currently enabled and fully operational.
Basic Auth
To authenticate using Basic, include the following in your request header:
Authorization: Basic <base64-encoded login:password>
The password can be:
- The agent account password
- The agent secret key
- A token received after logging in through the application (rarely used)
Example Header
Authorization: Basic dGVzdGluZ2J0Yzp0ZXN0aW5nYnRjcGFzc3dvcmQ=
JWT Auth
JSON Web Token (JWT) is a standard for passing authentication data via a signed token.
1. Header
Defines the algorithm and token type. Cycle uses:
{
  "alg": "HS256",
  "typ": "JWT"
}
2. Payload
Contains credentials using the field names "email" and "token".
{
  "email": "test@test.test",
  "token": "123123123"
}
- email: The agent’s email in the Cycle system
- token: Same options as Basic (password, secret key, or login token)
3. Signature
A server-side secret key is used to sign the JWT. For the demo environment, the secret is:
TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlzIHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2YgdGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGludWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRoZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=
You can learn more or generate JWTs using https://jwt.io
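As an added illustration (not Cycle's own code), the sketch below builds and verifies an HS256 token with the header and payload fields described above, using only the Python standard library. The signing key is a constructed placeholder and the helper names are assumptions; the last helper shows that the payload, including the "token" credential, decodes without the key, so a JWT needs the same transport protection as a Basic header.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # JWT segments are base64url with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_jwt(email: str, token: str, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}   # "typ" as in the page's example token
    payload = {"email": email, "token": token}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def read_payload_without_key(jwt: str) -> dict:
    # Signing is not encryption: the payload decodes with no secret at all
    return json.loads(b64url_decode(jwt.split(".")[1]))

def verify_jwt(jwt: str, key: bytes):
    """Return the payload if jwt is a correctly signed HS256 token, else None."""
    try:
        head_seg, body_seg, sig_seg = jwt.split(".")
        header = json.loads(b64url_decode(head_seg))
        sig = b64url_decode(sig_seg)
    except ValueError:          # wrong segment count, bad base64, bad JSON
        return None
    # Pin the algorithm: never let the token choose how it is verified
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{head_seg}.{body_seg}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    return json.loads(b64url_decode(body_seg))

KEY = b"constructed-example-key"   # constructed; not the Cycle demo secret
TOKEN = make_jwt("test@test.test", "123123123", KEY)   # the page's sample payload

if __name__ == "__main__":
    print(TOKEN)
    print(read_payload_without_key(TOKEN))
    print(verify_jwt(TOKEN, KEY))
```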
JWT Authorisation Header
Authorization: Jwt <generated_token>
Example
Authorization: Jwt eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRlc3RAdGVzdC50ZXN0IiwidG9rZW4iOiIxMjMxMjMxMjMifQ.nf6FRakkA8PXJzz8qA6_n1UlT6e1PKZjVLx7g-6RbWM
WebSession Auth
To use WebSession authorisation, first request a session key.
1. Request a Session Key
POST https://web-api-pro-demo.cardport.net/api/v1/user/login/session
{
  "Email": "0406191agent@test.demo",
  "Password": "123123123"
}
2. Extract the SessionID
{
  "Data": {
    "SessionID": "55247C57-7B50-4DCC-8362-629790B16652"
  }
}
3. Insert into Header
Authorization: Session 55247C57-7B50-4DCC-8362-629790B16652
Important Note
Only Basic Authorisation is active and debugged for current usage. JWT and WebSession are structurally supported but not required or enabled in production environments.