Certain requests in hotglue to fetch tenant-specific information require additional authentication for access.
For instance, if you wish to fetch the raw OAuth credentials for a tenant to make your own requests against the source API, you will need to generate a private signing key and use that to generate a JWT token for access to those endpoints.
To access secure requests you will have to follow these steps:
To generate your private signing key, head to the environment settings page:
From here, press Generate private key under the API Keys section:
Do not share this private signing key!
For security purposes, hotglue does not store your private signing key. Keys are unique to every hotglue environment and can only be generated by an admin.
You should now store this private signing key in your backend, and use it to create a JWT token for secure requests.
Once you have a private signing token generated, you can generate a JWT token from your backend to make secure requests to the hotglue API.
When launching the widget you can pass the JWT token to make secure requests using the options parameter:
The JWT Token is used to access secure information using your Public API Key. If you’re trying to make sensitive requests from your backend, use your Secret API Key instead.
There are several API requests such as GET Linked Sources which allow you to pass the JWT token as a query parameter token to access sensitive data on behalf of a tenant while using your public api key.
Certain requests in hotglue to fetch tenant-specific information require additional authentication for access.
For instance, if you wish to fetch the raw OAuth credentials for a tenant to make your own requests against the source API, you will need to generate a private signing key and use that to generate a JWT token for access to those endpoints.
To access secure requests you will have to follow these steps:
To generate your private signing key, head to the environment settings page:
From here, press Generate private key under the API Keys section:
Do not share this private signing key!
For security purposes, hotglue does not store your private signing key. Keys are unique to every hotglue environment and can only be generated by an admin.
You should now store this private signing key in your backend, and use it to create a JWT token for secure requests.
Once you have a private signing token generated, you can generate a JWT token from your backend to make secure requests to the hotglue API.
When launching the widget you can pass the JWT token to make secure requests using the options parameter:
The JWT Token is used to access secure information using your Public API Key. If you’re trying to make sensitive requests from your backend, use your Secret API Key instead.
There are several API requests such as GET Linked Sources which allow you to pass the JWT token as a query parameter token to access sensitive data on behalf of a tenant while using your public api key.