Authentication

Server to Server

A partner may integrate from their servers to Zapper's on behalf of their clients. This is regarded as a server to server integration and has a slightly different authentication mechanism. When a partner is on-boarded, an organisation is created within Zapper to house all of its data, and a token is created along with it. The combination of the partner's organisation id and their token is used to authenticate with Zapper and receive an identity token, which can be used in subsequent requests.

Tokens are only valid for 15 minutes.

The token can be decoded; its exp field holds the expiry value.

The expiry value is represented as the number of seconds since the epoch.

POST Service Account Login

https://api.zapper.com/v1/auth/service/login
This method produces an identity token used in subsequent requests to authenticate the caller.

Request

Headers
x-api-key (string, required): API access key

Body Parameters
apiToken (string, required): The partner's API token
organisationId (string, required): The partner's identifier

Response

200: OK
The identity token
identity-token-string
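
An added example (not Zapper's code) of using the exp value to reuse an identity token and refresh it shortly before its 15-minute lifetime ends. It assumes the token is a JWT-style string of three dot-separated segments, which this page does not state; `read_exp`, `TokenCache`, the `login` callable, the 60-second skew and the sample token are hypothetical or constructed.

```python
import base64
import json
import time


class TokenError(ValueError):
    """The identity token could not be parsed for its expiry."""


def read_exp(token):
    """Return exp (seconds since the epoch) from a JWT-style token payload.

    The signature is NOT verified; use the result only to schedule a refresh.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("expected three dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as err:  # bad base64, bad UTF-8 or bad JSON
        raise TokenError("payload is not base64url-encoded JSON") from err
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, int):
        raise TokenError("missing or non-integer exp claim")
    return exp


class TokenCache:
    """Reuse an identity token until `skew` seconds before it expires."""

    def __init__(self, login, skew=60, clock=time.time):
        # `login` (hypothetical, caller-supplied) logs in and returns the token.
        self._login, self._skew, self._clock = login, skew, clock
        self._token, self._exp = None, 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            self._token = self._login()
            self._exp = read_exp(self._token)
        return self._token


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.constructed-signature"
```

In real use, `login` would wrap the POST to the service account login endpoint above, and the token returned by `get()` goes into the Authorization header as a Bearer value.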

Client to Server

A partner may choose to have their customers speak directly with Zapper's APIs. This is regarded as a client to server integration. The customer must have onboarded with Zapper's APIs in order to create a customer identity. Upon creation, they will be able to log in and receive an identity token. This is similar to the server to server integration, but the token contains customer level information and access.

POST Register a Customer

https://api.zapper.com/v1/auth/customers/register
This registers a user account as a customer of the organisation.

Request

Headers
x-api-key (string, required): API access key
Authorization (string, required): Bearer <Identity Token>. The identity token received from the service account login.

Body Parameters
userId (string, required): The user's identity

Response

200: OK

POST Customer Login

https://api.zapper.com/v1/auth/customers/login
This method will log the user into the organisation with the appropriate permissions to interact with the platform.

Request

Headers
x-api-key (string, required): API access key
Authorization (string, required): Bearer <Identity Token>. The identity token received from the service account login.

Body Parameters
email (string, required): The user's email address
password (string, required): The user's password

Response

200: OK