Basic concepts

Common authentication concepts to apply to any Wapping API

API Autentication

All the Wapping APIs are protected via API credential and signed via Bearer Auth Token.

Bearer authentication, also known as token authentication, is an HTTP authentication method that uses security tokens called bearer tokens. The term “Bearer” implies that access is granted to whoever holds the token.
A bearer token is a unique, opaque string typically generated by the server in response to a successful login request. To access protected resources, the client must include this token in the Authorization header of the HTTP request, as shown below:

Authorization: Bearer <token>

Originally introduced as part of OAuth 2.0 in RFC 6750, the Bearer authentication scheme is sometimes used independently. Like Basic authentication, it should only be implemented over secure HTTPS connections to prevent token interception.

Authenticate in any API

First step is to call any of the APIs Auth method, all the APIs have to be so a temporary bearer token is provided

curl -X 'POST' \
  'https://any-api.b2w.app/api/Auth/token' \
  -H 'accept: text/plain' \
  -H 'Content-Type: application/json-patch+json' \
  -d '{
  "apiKey": "eyJhbGciOiJIUzI--------hT9KL6cI0WupyuXkY"
}'

After this, with the token received an Authorization header has to be added to be able to call any of the controller for other APIs.

curl -X 'GET' \
  'https://any-api.b2w.app/api/Controller' \
  -H 'accept: text/plain' \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIs-------hcKXc-tMydCYUPXvc'
📘

The authorization method can vary in some APIs where is necessary to provide more information about the entity that is loggin in, and not just on the business name.

If more information is needed you can refer to external documentation like RFC Description or the Swagger documentation

HTTPS/TLS

All calls to the Wapping APIs must be made trough HTTPS and the minimum TLS supported is 1.2.

This is required because these protocols encrypt all data transmitted between the client and server, preventing interception or tampering by attackers. They also ensure the authenticity of the server through certificate validation, protecting against man-in-the-middle attacks. Using TLS 1.2 or above guarantees strong cryptographic algorithms and modern security features, reducing vulnerabilities found in older versions. This combination provides confidentiality, integrity, and trust for sensitive transactions and user data.