To operate on behalf of a Person, you must first obtain a JWT Access Token for that Person. This is handled for you on the client side when using the Outseta Script, but there are times when you'll want to do it yourself using the Outseta API, either client-side or server-side.
Relevant articles:
👉 The payload of an Outseta JWT Access Token
👉 Decode and verify Outseta JWT Access Tokens server-side
Person vs. Account
In Outseta, a person can be a member of multiple accounts, and an Outseta JWT Access Token is tied to only one of these accounts. Therefore, the steps will differ depending on whether the person is a part of multiple accounts.
One Person, Single Account
When the person belongs to a single account, a single POST call to the Token Endpoint is enough to get a token to operate on behalf of the person tied to that account.
1. Request to the Token Endpoint:
   POST /api/v1/tokens
   - Client-Side: the body of the request must be the user's username (email) and password.
   - Server-Side: the Authorization header must be
     Outseta {{apiKey}}:{{apiKeySecret}}
2. Test that all went well by making a call to the Profile Endpoint:
   GET /api/v1/profile
   - The Authorization header must be
     Bearer {{token returned in the step above}}
One Person, Multiple Accounts
When the person belongs to multiple accounts, the flow above needs to be extended. After the initial POST call to the Token Endpoint, you look up the person's subscriptions and then request the token associated with the account the person should operate on behalf of.
1. Request to the Token Endpoint:
   POST /api/v1/tokens
   - Client-Side: the body of the request must be the user's username (email) and password.
   - Server-Side: the Authorization header must be
     Outseta {{apiKey}}:{{apiKeySecret}}
2. Request to the Subscriptions Endpoint:
   GET /api/v1/billing/subscriptions
   - The Authorization header must be
     Bearer {{token returned in the step above}}
   - The request returns all the subscriptions associated with the person, each connected to one account.
   - Select the subscription for which you want to generate an access token.
3. Request to the Token Endpoint again, this time scoped to that subscription:
   POST /api/v1/tokens?subscriptionUid={{subscription uid from the step above}}
   - Client-Side: the body of the request must be the user's username (email) and password.
   - Server-Side: the Authorization header must be
     Outseta {{apiKey}}:{{apiKeySecret}}
4. Test that all went well by making a call to the Profile Endpoint:
   GET /api/v1/profile
   - The Authorization header must be
     Bearer {{token returned in the step above}}
If you already know the subscription uid, you may, of course, go straight to step 3.
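The multiple-accounts flow above as an added JavaScript example (not Outseta's own code or SDK), driven through an injectable fetch so it runs offline against a constructed stand-in server. The base URL, the JSON request body, and the response field names (`access_token`, `items`, `Uid`, `Account.Name`) are assumptions to check against the Outseta API reference.

```javascript
// Added example (not Outseta's code): the multiple-accounts flow above, driven through an
// injectable fetch so it runs offline. Assumed response shapes, not stated on the page:
// Token Endpoint -> { access_token }; Subscriptions Endpoint -> { items: [{ Uid, Account: { Name } }] }.
async function postToken(fetchFn, base, creds, subscriptionUid) {
  const url = subscriptionUid
    ? `${base}/api/v1/tokens?subscriptionUid=${encodeURIComponent(subscriptionUid)}`
    : `${base}/api/v1/tokens`;
  const headers = { "Content-Type": "application/json" };
  // Server-side only: the API key and secret must never be shipped to a browser.
  if (creds.apiKey) headers.Authorization = `Outseta ${creds.apiKey}:${creds.apiKeySecret}`;
  const body = JSON.stringify({ username: creds.username, password: creds.password });
  const res = await fetchFn(url, { method: "POST", headers, body });
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}
async function getJson(fetchFn, url, token) {
  const res = await fetchFn(url, { headers: { Authorization: `Bearer ${token}` } });
  if (!res.ok) throw new Error(`${url} failed: HTTP ${res.status}`);
  return res.json();
}
// Steps 1-4: initial token, list subscriptions, choose one, account-scoped token, profile check.
async function tokenForAccount(fetchFn, base, creds, pickSubscription) {
  const firstToken = await postToken(fetchFn, base, creds);
  const subs = await getJson(fetchFn, `${base}/api/v1/billing/subscriptions`, firstToken);
  const chosen = subs.items.find(pickSubscription);
  if (!chosen) throw new Error("no subscription matched for this person");
  const token = await postToken(fetchFn, base, creds, chosen.Uid); // step 3
  const profile = await getJson(fetchFn, `${base}/api/v1/profile`, token); // step 4
  return { token, subscriptionUid: chosen.Uid, profile };
}
// Constructed in-memory stand-in for the API so the example runs offline; not a real server.
function fakeOutseta() {
  const items = [{ Uid: "sub-A", Account: { Name: "Acme" } }, { Uid: "sub-B", Account: { Name: "Globex" } }];
  const reply = (status, body) => ({ ok: status < 400, status, json: async () => body });
  return async (url, init = {}) => {
    const u = new URL(url);
    const auth = (init.headers && init.headers.Authorization) || "";
    if (u.pathname === "/api/v1/tokens" && init.method === "POST") {
      const { username, password } = JSON.parse(init.body);
      if (password !== "correct-horse") return reply(401, {});
      const uid = u.searchParams.get("subscriptionUid") || "sub-A"; // default account
      return reply(200, { access_token: `jwt:${uid}:${username}` });
    }
    if (!auth.startsWith("Bearer jwt:")) return reply(401, {});
    const [, uid, email] = auth.slice("Bearer ".length).split(":");
    if (u.pathname === "/api/v1/billing/subscriptions") return reply(200, { items });
    if (u.pathname === "/api/v1/profile") return reply(200, { Email: email, SubscriptionUid: uid });
    return reply(404, {});
  };
}
```

Swap `fakeOutseta()` for the platform `fetch` and the placeholder base URL for your Outseta domain to run it against the real API; the final profile call confirms the token is scoped to the chosen account.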