Creating a JWT authentication token for use with the open API
The ZEPETO open API is called via HTTP.
If a body is present in the request, parameters must be sent in JSON format. Examples of valid content types are shown below, and there may be slight differences depending on the respective programming language library.
Before creating a JWT authentication token, you need to get an access key and secret key from the ZEPETO Studio console.
📘 Please refer to the following guide: Managing Open API
For each ZEPETO open API request, a JWT (https://jwt.io) format token is generated from the issued access key and secret key and sent in the Authorization header.
HS256 is recommended as the signature method, and the secret to be used for signing is the issued secret key.
The JWT token payload has the following format:
- uri_hash is the hash of the URI, including the query parameters but excluding the base path.
- body_hash is the hash of the request body converted to a JSON string. It is inserted into the payload only when a request body exists and is omitted if there is no request body.
  - In that case, the JSON string must have no spaces between keys and values.
- uri_hash and body_hash must be computed over exactly the query parameters and request body sent with the request. (The order of the values must be identical as well.)
- Limit on number of API calls: Up to 300 calls are available in 1 minute.
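The uri_hash and body_hash rules above, worked through as an added Python example (not ZEPETO's own sample code). Assumptions: SHA-256 hex digests and the `access_key` claim name, because this text gives neither the hash algorithm nor the full payload format; the keys and paths are constructed.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest(text: str) -> str:
    # ASSUMPTION: SHA-256, hex-encoded. The hash algorithm is not stated in this text.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def compact_json(obj) -> str:
    """Serialize with no spaces between keys and values, keeping key order."""
    return json.dumps(obj, separators=(",", ":"))

def build_token(access_key, secret_key, uri, body_json=None):
    """uri: path plus query string without the base path, exactly as sent.
    body_json: the exact string sent as the request body, or None."""
    claims = {"access_key": access_key,  # ASSUMPTION: claim name not given in this text
              "uri_hash": digest(uri)}
    if body_json is not None:            # body_hash is omitted when there is no body
        claims["body_hash"] = digest(body_json)
    head = b64url(compact_json({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(compact_json(claims).encode())
    sig = hmac.new(secret_key.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def decode_claims(token, secret_key):
    """Check the HS256 signature and return the payload, to inspect the result."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(secret_key.encode(), signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

# Constructed sample values: not real credentials and not real ZEPETO paths.
ACCESS_KEY, SECRET_KEY = "example-access-key", "example-secret-key"
GET_URI = "/example/path?playerId=player-1&keys=score"
BODY = compact_json({"playerId": "player-1", "data": [{"key": "score", "value": "10"}]})

get_token = build_token(ACCESS_KEY, SECRET_KEY, GET_URI)           # no body_hash claim
post_token = build_token(ACCESS_KEY, SECRET_KEY, "/example/path", BODY)
# Send BODY itself as the request body. Re-serializing it (for example with the
# default json.dumps separators) changes the bytes, so body_hash no longer matches.
```

Hash the string once and send that same string; letting an HTTP library serialize the object a second time is the usual cause of a hash mismatch.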
Please enter the access key, secret key, worldId, uri, and query param according to the API you wish to use.
The example code below has been written based on the Get Player Data API of the DataStorage category.
Please enter the access key, secret key, worldId, uri, and body param according to the API you wish to use.
The example code below has been written based on the Set Player Data API of the DataStorage category.
❗️ Caution
- OpenAPI is a feature provided for use in a separate web or app.
- Currently, ZEPETO server scripts cannot make ZEPETO Open API calls.
- If you want to make Open API calls in ZEPETO multiplayer, we suggest the following methods:
  - Set up a separate server that communicates with the Open API and performs the necessary business logic.
  - Use the httpService package in the ZEPETO server to communicate directly with the server you've set up.
  - Implement a relatively simple authentication method between the servers, such as HTTP Authorization headers, so that calls can be made within the features the ZEPETO server supports.