# How to handle User ID

## Overview

This guide explains how to securely handle user identification when interacting with the Basket API. It describes the JWT-based authentication framework used to ensure security and GDPR compliance.

## JWT Authentication Framework

To ensure secure operations, the Basket API requires JSON Web Token (JWT) authentication across all endpoints. This guarantees that only authenticated users can manipulate their own baskets.

### Implementation Options

#### Option A: Integration with Streaming Provider IdP

1. The streaming provider's Identity Provider (IdP) generates and issues JWT tokens.
2. Clients include these tokens in the `Authorization` header with each request.
3. The Basket API performs two-stage verification:
   - **Authentication**: Validates the cryptographic integrity of the JWT token.
   - **Authorization**: Verifies the token was issued by a trusted authority.

**Example JWT Structure**:

```json
{
  "iss": "https://idp.streamingprovider.com",
  "sub": "user123",
  "exp": 1716239022
}
```

#### Option B: In-house Token Generation

1. The backend provides an anonymous route accessible to users.
2. Upon request, the system generates a JWT token using internal public/private key infrastructure.
3. The token is returned to the client, which must include it in the `Authorization` header for all subsequent requests.

### Interoperability

Both options can be implemented simultaneously, providing a fallback mechanism to ensure reliability and flexibility.
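The following is an added example, not the Basket API's own code, showing the two-stage verification described above and the resulting gate for the `/baskets/users/{userId}/...` endpoints listed in the API Endpoints section: stage one checks the token's cryptographic integrity, stage two checks that it comes from a trusted issuer and is still valid, and the request is then allowed only when the path's `userId` equals the token's `sub`. It assumes an HS256 shared secret per issuer (a constructed stand-in for the IdP's public keys, so the example runs offline with only the standard library); the function names, the `TRUSTED_ISSUERS` map and the `Bearer` scheme are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed trust store for this example (assumption): an HS256 shared secret
# stands in for each trusted issuer's public key so the example runs offline.
# With a real IdP this map would hold the issuer's RSA/EC public keys.
TRUSTED_ISSUERS = {
    "https://idp.streamingprovider.com": b"constructed-demo-secret-do-not-reuse",
}


class TokenError(Exception):
    """Raised when a token fails either verification stage."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(issuer: str, subject: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Mint a compact JWT with the iss/sub/exp claims shown in the guide.
    Stands in for the IdP (Option A) or the in-house anonymous route (Option B)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": issuer, "sub": subject, "exp": now + ttl_seconds}
    signing_input = f"{_json_b64(header)}.{_json_b64(payload)}"
    sig = hmac.new(TRUSTED_ISSUERS[issuer], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Two-stage verification: authentication (integrity), then authorization
    (trusted issuer, not expired, has a subject). Returns the claims on success."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        raise TokenError("undecodable token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token")

    # Stage 1, authentication. Pin the algorithm server-side (never trust the
    # header's choice) and select the key by the claimed issuer: a claimed issuer
    # we hold no key for can never pass the integrity check.
    if header.get("alg") != "HS256":
        raise TokenError("unsupported alg")
    key = TRUSTED_ISSUERS.get(payload.get("iss"))
    if key is None:
        raise TokenError("issuer not trusted")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("signature mismatch")

    # Stage 2, authorization: the token must be current and identify a subject.
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise TokenError("token expired or missing exp")
    sub = payload.get("sub")
    if not isinstance(sub, str) or not sub:
        raise TokenError("missing sub")
    return payload


def authorize_basket_request(authorization_header: Optional[str], path_user_id: str,
                             now: Optional[int] = None) -> int:
    """Gate for /baskets/users/{userId}/... endpoints. Returns the HTTP status the
    API should answer with: 200 proceed, 401 token problem, 403 wrong basket."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401
    try:
        claims = verify_token(authorization_header[len("Bearer "):], now=now)
    except TokenError:
        return 401
    # Cross-user protection: the path userId must be the token's own subject,
    # so a valid token for user A can never touch user B's basket.
    if not hmac.compare_digest(claims["sub"].encode(), path_user_id.encode()):
        return 403
    return 200


if __name__ == "__main__":
    token = issue_token("https://idp.streamingprovider.com", "user123", 3600, now=1716235422)
    print(authorize_basket_request("Bearer " + token, "user123", now=1716235423))  # 200
    print(authorize_basket_request("Bearer " + token, "user456", now=1716235423))  # 403
```

Pinning the algorithm and choosing the key from the server's own trust store, rather than from anything in the token, is what keeps the integrity stage meaningful; the `sub`-to-`userId` comparison is the concrete form of the cross-user protection the guide promises.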
## API Endpoints

### Basket Operations

- **Get Basket**: [GET /baskets/users/{userId}](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D/get)
- **Delete Basket**: [DELETE /baskets/users/{userId}](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D/delete)

### Product Operations

- **Add Product**: [POST /baskets/users/{userId}/products/{productId}](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D~1products~1%7BproductId%7D/post)
- **Update Product**: [PATCH /baskets/users/{userId}/products/{productId}](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D~1products~1%7BproductId%7D/patch)
- **Delete Product**: [DELETE /baskets/users/{userId}/products/{productId}](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D~1products~1%7BproductId%7D/delete)

### Checkout Operations

- **Start Checkout Session**: [POST /baskets/users/{userId}/checkout/sessions](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D~1checkout~1sessions/post)
- **Finish Active Checkout**: [POST /baskets/users/{userId}/checkout/sessions/finish-active](/apis/basket/latest/openapi#/paths/~1baskets~1users~1%7BuserId%7D~1checkout~1sessions~1finish-active/post)

## Security Benefits

- **Cross-User Protection**: Prevents unauthorized access to other users' baskets.
- **GDPR Compliance**: Reduces exposure of personal identifiers to third parties.
- **Improved Authentication**: Provides cryptographic verification of request authenticity.

## Support

For any questions or support needs during implementation, please contact the [Jay Support Team](mailto:support@transfermedia.de).