MyPages API
Authentication

“Partner access token” is used as authentication for all further communication with the My Pages API. The token should be sent as a Bearer Token in the header request to authenticate.

Partner Access Token

Obtain Partner Access Token

To obtain the partner access token, send POST request with clientId and clientSecret as a JSON to /Auth/token. The token should then be sent as a Bearer Token in the header of all further requests. It should never be displayed to the customer or sent to the frontend of the application.

Token is valid for 1 hour, then it needs to be regenerated.

Payload:
PropertyData typeDescription
clientIdstringCredentials you receive from Avarda
clientSecretstringCredentials you receive from Avarda

Request

POST /auth/token

{
  "clientId": "659e57c9-d970-4db8-b003-8ba04cc157f9",
  "clientSecret": "4~{x*6%gvBt(:aD"
}

Response

{
  "token": "string",
  "tokenExpirationUtc": "2021-11-26T13:08:29.551Z"
}

Token expiration

Partner access token follows the JSON Web Token (JWT) standard which you can read more about at JWT.io (opens in a new tab). Since a token only is valid for one hour, you need to keep track of the expiration time.

There are two ways you can find the expiration DateTime of the token:

  • Reading field tokenExpirationUtc after calling /auth/token with clientId and clientSecret
  • Decoding JWT using library of your choice and reading exp property of the token

Handling of the token

It is recommended that the token is created and re-used during its life cycle. To do that, securely store the partner access token after its creation (for example in memory) and use it when calling My Pages API. Use tokenExpirationUtc or exp to generate new token before the old one expires periodically or check the token expiration before calling My Pages API. Re-using partner access token between user sessions and for all communication with Avarda will improve performance and reduce user wait times between sessions.