Security and Rate Limiting
Last updated

Security and Rate Limits

Authentication for API Endpoints

All endpoints of the APIs require an X-API-Key in the header. This API key will be provided to you by Jay. Please contact our support team to obtain your API key.

Example: Playout API Request with X-API-Key

curl -X GET "https://api.jayplatform.com/playout" \
  -H "X-API-Key: your_api_key_here"

Basket API Authentication

All endpoints are protected with a standard Authentication Bearer JWT token. We provide two mechanisms for authentication:

1. Partner-Provided JWT Token

A JWT token provided through a identity provider of the streaming platform. The API server needs to be able to verify the signature of the JWT token with the identity provider.

This allows comfort functions like:

  • A customer ID - to prevent users from re-entering their data multiple times.
  • A payment token - to enable checkout with a single click.

Requirements:

  • The JWT token must be validated on the partner's side.
  • The user ID must be specified in the sub field of the payload.
  • Optionally, a static issuer can be specified in the iss field of the payload.
  • Optionally, a static audience can be specified in the aud field of the payload.

Example: Basket API Request with Partner-Provided JWT Token

curl -X POST "https://api.jayplatform.com/basket/add" \
  -H "X-API-Key: your_api_key_here" \
  -H "Authorization: Bearer your_jwt_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "productId": "12345",
    "quantity": 1
  }'

2. Guest User JWT Token

A JWT token and a user ID are generated on an endpoint in the Basket API for guest users. In such cases, the basket has some limitations:

  • The basket is a fresh one (filled only with the products specified).
  • No comfort functions are available.
  • The JWT token expires after 30 days.

Example: Generate Guest User JWT Token

curl -X POST "https://api.jayplatform.com/basket/guest-token" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "guest_user_123"
  }'

Example: Basket API Request with Guest User JWT Token

curl -X POST "https://api.jayplatform.com/basket/add" \
  -H "X-API-Key: your_api_key_here" \
  -H "Authorization: Bearer guest_jwt_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "productId": "67890",
    "quantity": 2
  }'

Rate Limits

The Playout and Basket API has a rate limit of requests per minute per user. This is to ensure fair usage and prevent abuse of the API. If you exceed this limit, you will receive a 429: Too Many Requests response.

Previous page
Next page