# Requests and Responses

## Authentication Request

The CONNECT Authenticate API uses a simple POST request with your username (User Key) and password to generate a JWT token.

## Request: Create Token

**Endpoint:**

```http
POST https://connect.creditsafe.com/v1/authenticate
```

**Headers:**

```curl
Content-Type: application/json
```

**Request Body:**

```json
{
  "username": "myUsername",
  "password": "myS3cretP@ssw0rd999!"
}
```

### Request Parameters

| Parameter | Data Type | Max Length | Required | Description |
| --- | --- | --- | --- | --- |
| **username** | String | 30 | Yes | Your User Key as provided by Creditsafe (case-sensitive) |
| **password** | String | 30 | Yes | Your password as chosen by yourself (case-sensitive) |

**Important: User Key vs Email**

The **email-based usernames** used for logging into Creditsafe websites are **NOT** the same as the username required for our APIs. The username parameter must be your **User Key** provided by Creditsafe. If you're unsure of your User Key, please contact Creditsafe integration support.

**Case Sensitivity**

Both username and password are **case-sensitive**. Ensure you enter them exactly as provided.

## Response: Created Token

### HTTP Response code: 200 OK

```json
{
  "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Im…hPeGE7Ak8YtKFbA"
}
```

### Response Parameters

| Parameter | Description |
| --- | --- |
| **token** | String - Token to be used when calling other Creditsafe REST APIs. Valid for 1 hour. |

**Token Usage**

Copy the `token` value and include it in the `Authorization` header as `Bearer {token}` for all subsequent API requests to any Creditsafe Sweden REST API.

## How to Include Authentication Token as a Request Header

Below is an example of how a web service call includes a token in the header. In this example, we are using the datecheck/company service:

**Example Request:**

```bash
HEADER: Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Im…hPeGE7Ak8YtKFbA
URL: https://se-webservice.apps.creditsafe.com/datecheck/company?searchnumber=5565144408&referencedate=2020-08-29&transactionid=Example&language=sv
Method: GET
```

## Token Lifecycle

- A successfully generated token is **valid for one hour**
- When your token expires, you can request a new one independently of the current token
- **Multiple valid tokens can exist simultaneously**
- Each token can be used with any of the supported services as long as it remains active

## Token Expiration Handling

When an expired token is used in a call, a **403 HTTP Status (Token Expired)** response will be returned.

### Recommended Token Refresh Strategies

**Strategy 1: Reactive Refresh**

1. Catch the 403 Token Expired response
2. Refresh the token when needed
3. Repeat the latest call that was denied

**Strategy 2: Proactive Refresh** (Recommended)

1. Track the timing of when the token was fetched
2. Request a new token before the previous one expires
3. Refresh approximately **55 minutes** after the previous token was generated

## Example: Complete Authentication Flow

**Step 1: Authenticate**

```bash
curl -X POST https://connect.creditsafe.com/v1/authenticate \
  -H "Content-Type: application/json" \
  -d '{"username":"myUsername","password":"myS3cretP@ssw0rd999!"}'
```

**Step 2: Receive Token**

```json
{
  "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Im…hPeGE7Ak8YtKFbA"
}
```

**Step 3: Use Token in API Call**

```bash
curl -X GET "https://se-webservice.apps.creditsafe.com/datecheck/company?searchnumber=5565144408" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Im…hPeGE7Ak8YtKFbA"
```
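
The two refresh strategies from "Token Expiration Handling" can be combined in one client-side helper. The sketch below is an added example, not Creditsafe's own code: `TokenManager`, `post_json`, `REFRESH_AFTER` and the `send` callback are hypothetical names, and only the endpoint URL, the 55-minute interval and the 403 status come from this page.

```python
import json
import time
import urllib.request

AUTH_URL = "https://connect.creditsafe.com/v1/authenticate"  # endpoint from the page
REFRESH_AFTER = 55 * 60  # seconds; the page recommends ~55 min of the 1 h lifetime


def post_json(url, payload):
    """Default transport: POST a JSON body over HTTPS and decode the JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Hypothetical helper: caches one token, refreshes it by age or on a 403."""

    def __init__(self, username, password, post_json=post_json, clock=time.monotonic):
        self._creds = {"username": username, "password": password}
        self._post_json = post_json  # injectable so the logic can be tested offline
        self._clock = clock
        self._token = None
        self._fetched_at = 0.0

    def refresh(self):
        # Never log the reply: the token is a bearer credential for one hour.
        self._token = self._post_json(AUTH_URL, self._creds)["token"]
        self._fetched_at = self._clock()
        return self._token

    def token(self):
        """Strategy 2: fetch a new token once the cached one is 55 minutes old."""
        if self._token is None or self._clock() - self._fetched_at >= REFRESH_AFTER:
            self.refresh()
        return self._token

    def call(self, send):
        """Strategy 1 as fallback: send(token) -> (status, body); retry once on 403."""
        status, body = send(self.token())
        if status == 403:  # Token Expired per the page; one retry avoids a loop
            status, body = send(self.refresh())
        return status, body
```

Pass the User Key and password in from the environment or a secret store rather than embedding them in source, and keep the returned token out of logs and error messages.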