Authentication

Before you can make requests to the azakaw API, you need to obtain an authentication token. This token must be included in all subsequent requests.

Getting an Access Token

POST {auth_base_url}/api/AppSessionManager/GetAppToken

Request Body

{
  "appId": "your-app-id",
  "appSecret": "your-app-secret",
  "tenantId": "your-tenant-id"
}

Response

{
  "version": null,
  "statusCode": 200,
  "messages": [
    "Processed successfully"
  ],
  "result": {
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}

Using the Token

Include the token in the Authorization header of all subsequent requests:

Authorization: Bearer your-token-here

Token Expiration

Tokens are valid for 24 hours
Store tokens securely and never expose them in client-side code

Security Best Practices

Token Storage

Store tokens in secure server-side storage
Never store tokens in client-side storage (localStorage, sessionStorage)

Getting an Access Token​

Request Body​

Response​

Using the Token​

Token Expiration​

Security Best Practices​

Token Storage​