# Authentication for API Endpoints

All endpoints of the APIs require an `X-API-Key` in the header. This API key will be provided to you by Jay. Please contact our support team to obtain your API key.

## Example: Playout API Request with `X-API-Key`


```bash
curl -X GET "https://api.jayplatform.com/playout" \
  -H "X-API-Key: your_api_key_here"
```

## Basket API Authentication

All endpoints are protected with a standard Authentication Bearer JWT token. We provide two mechanisms for authentication:

### 1. Partner-Provided JWT Token

A JWT token provided through a identity provider of the streaming platform. The API server needs to be able to verify the signature of the JWT token with the identity provider.

This allows comfort functions like:

- A customer ID - to prevent users from re-entering their data multiple times.
- A payment token - to enable checkout with a single click.


#### Requirements:

- The JWT token must be validated on the partner's side.
- The user ID must be specified in the `sub` field of the payload.
- Optionally, a static issuer can be specified in the `iss` field of the payload.
- Optionally, a static audience can be specified in the `aud` field of the payload.


#### Example: Basket API Request with Partner-Provided JWT Token


```bash
curl -X POST "https://api.jayplatform.com/basket/add" \
  -H "X-API-Key: your_api_key_here" \
  -H "Authorization: Bearer your_jwt_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "productId": "12345",
    "quantity": 1
  }'
```

### 2. Guest User JWT Token

A JWT token and a user ID are generated on an endpoint in the Basket API for guest users. In such cases, the basket has some limitations:

- The basket is a fresh one (filled only with the products specified).
- No comfort functions are available.
- The JWT token expires after 30 days.


#### Example: Generate Guest User JWT Token


```bash
curl -X POST "https://api.jayplatform.com/basket/guest-token" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "guest_user_123"
  }'
```

#### Example: Basket API Request with Guest User JWT Token


```bash
curl -X POST "https://api.jayplatform.com/basket/add" \
  -H "X-API-Key: your_api_key_here" \
  -H "Authorization: Bearer guest_jwt_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "productId": "67890",
    "quantity": 2
  }'
```