How to handle User ID

Overview

This guide explains how to securely handle user identification when interacting with the Basket API. It describes the JWT-based authentication framework the API uses to protect each user's basket and to support GDPR compliance.

JWT Authentication Framework

To ensure secure operations, the Basket API requires JSON Web Token (JWT) authentication on all endpoints. The user identity is taken from the verified token rather than from any client-supplied identifier, so only authenticated users can manipulate their own baskets.

Implementation Options

Option A: Integration with Streaming Provider IdP

  1. The streaming provider's Identity Provider (IdP) generates and issues JWTs.
  2. Clients include the token in the Authorization header of each request.
  3. The Basket API performs two-stage verification:
    • Authentication: validates the cryptographic signature of the JWT, so a tampered or forged token is rejected.
    • Authorization: checks that the token's issuer (the iss claim) is a trusted authority.

Example JWT payload (claims):

{
  "iss": "https://idp.streamingprovider.com",
  "sub": "user123",
  "exp": 1716239022
}

Option B: In-house Token Generation

  1. The backend exposes an anonymous route that any client can call.
  2. Upon request, the backend generates a JWT and signs it with the Basket API's own private key (internal public/private key infrastructure).
  3. The token is returned to the client, which must include it in the Authorization header of all subsequent requests.
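The following is an added example (not code from the Basket API or the guide) that walks through both options above: minting a token the way Option B's backend would, and applying Option A's two-stage verification (signature, then trusted issuer) before using the sub claim as the basket owner's user ID. To stay self-contained it signs with HMAC-SHA256 and a constructed shared key instead of the public/private key pair the guide describes; the trusted issuer list, the signing key, the Bearer scheme in the Authorization header and the expiry check are assumptions for this example, not details from the page. The guide's sample issuer and subject are used as inputs.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed for this example only (not from the guide): a shared HMAC key stands in
# for the signing key pair, and these are the issuers the Basket API trusts.
SIGNING_KEY = b"example-signing-key-constructed-for-this-demo"
TRUSTED_ISSUERS = {
    "https://idp.streamingprovider.com",      # Option A: provider IdP (from the guide)
    "https://basket-api.example/auth",        # Option B: in-house issuer (assumed)
}
ALLOWED_ALG = "HS256"  # pinned: the verifier never honours the alg a token claims


class TokenError(Exception):
    """Raised for any token the Basket API must reject."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject: str, issuer: str, ttl_seconds: int = 3600, now=None) -> str:
    """Option B: the backend mints a signed JWT for a client (HMAC stands in for RSA here)."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALLOWED_ALG, "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token: str, now=None) -> dict:
    """Option A's two-stage check: (1) signature integrity, (2) trusted issuer.
    Expiry is also enforced, using the exp claim shown in the guide's example payload."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenError("malformed token")
    # Stage 1: authentication. Pin the algorithm before checking the signature so a
    # token that declares "none" or a different alg is never accepted.
    if header.get("alg") != ALLOWED_ALG:
        raise TokenError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise TokenError("bad signature")
    # Stage 2: authorization. Only tokens from a trusted issuer may touch baskets.
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise TokenError("untrusted issuer")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("expired")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise TokenError("missing subject")
    return claims


def verification_error(token: str, now=None):
    """Return the rejection reason for a token, or None if the token is accepted."""
    try:
        verify_token(token, now=now)
    except TokenError as exc:
        return str(exc)
    return None


def basket_owner_from_header(authorization: str, now=None) -> str:
    """Derive the basket owner's user ID from the Authorization header (Bearer scheme assumed).
    The API never trusts a user ID sent in the request body or URL; it comes from 'sub'."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        raise TokenError("missing bearer token")
    return verify_token(token, now=now)["sub"]


if __name__ == "__main__":
    # Constructed walk-through: mint for the guide's sample user, then verify.
    issued = mint_token("user123", "https://idp.streamingprovider.com", ttl_seconds=60, now=1000)
    print("owner:", basket_owner_from_header("Bearer " + issued, now=1001))
    print("after expiry:", verification_error(issued, now=1060))
```

Because every basket operation resolves the owner through verify_token, a request can only ever act on the basket belonging to the sub in a token that the API itself validated, which is what delivers the cross-user protection listed under Security Benefits.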

Interoperability

Both options can be deployed side by side: a client that cannot obtain a token from the streaming provider's IdP can fall back to the in-house token route, which keeps the service available while every request still carries a verifiable token.

API Endpoints

Basket Operations

Product Operations

Checkout Operations

Security Benefits

  • Cross-User Protection: the user ID comes from the verified token's sub claim, so a client cannot act on another user's basket.
  • GDPR Compliance: reduces exposure of personal identifiers to third parties.
  • Improved Authentication: every request carries a cryptographically verifiable proof of who sent it.

Support

For any questions or support needs during implementation, please contact the Jay Support Team.