/access/getCreationToken

Gets a creation token which can be used to make entity.create calls without the use of a client id and secret.

This is targeted for mobile developers who do not want to expose their credentials to untrusted (any) mobile devices. See a video demo in Postman here.

This endpoint supports the following methods:

GET

Authentication

This endpoint supports both Basic authentication (recommended) and janrain-signed authentication.

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Janrain Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Janrain Console on the Manage Application page:

Examples

Example Request


curl -H "Authorization: Basic aW1fYV...NfbXk=" \
    --data-urlencode type_name=user \
    --data-urlencode lifetime=3600\
    --data-urlencode for_client_id=fghi7890fghi7890\
    https://my-app.janraincapture.com/access/getCreationToken

Running this command in Postman

Authorized Clients

owner
access_issuer

Query Parameters

Parameter	Type	Required	Description
type_name	string	Yes	Name of the entityType to be created.
lifetime	string		Length of time (in seconds) that the token remains valid. The default is one hour (3600 seconds).
for_client_id	string		Client ID of the client that will use the token. This is often used when you have read and write schemas configured for specific API clients.

Responses

200 OK

Response Example (application/json)


{
  "stat": "ok",
  "creation_token": "1234567891234567"
}

How to Create an Authentication String

To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it. For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Before you actually try your authentication string, make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

GET

Running this Command in Postman

How to Create an Authentication String