Authentication

You must issue App Secret before issuing jwt token to use channel APIs.

Follow below sequences from App config - Authentication & Authorization in Channel Development Portal.

1. Issuing App Secret

Click Issue button located on the top of the App Settings page. Be careful not to expose issued secret. Previously issued secret will be invalidated if you refresh it.

2. Registering App Permissions

You must select the Functions you want to use on each sections: Channel, User, Manager. See here for details on each function.

Permissions you selected on User and Manager sections will be included in tokens passed to WAM.

Permissions you selected on Channel section can be issued with token by following process (3).

3. Exchanging App Secret with Token through Native Function

Once you have issued App secret, you can exchange it with jwt token using Native Function.

Token requests including issueToken and refreshToken has rate-limit: 10 tokens per 30 minutes with fixed-window.

Be aware that your token request can be rejected due to rate-limit mechanisms even if you used valid secret and channelId.

IssueToken

method	PUT
endpoint	app-store-api.channel.io/general/v1/native/functions
notes	Exchange jwt token with App Secret

Request
```
{
	"method": "issueToken",
	"params": {
		"secret": ""
		"channelId": ""
	}
}
```
fields notes required type
secret App Secret true string
channelId channelId if you want to specify chanenl false string

If you do not specify channelId , app token will be issued by default. It includes permissions of following Native Functions.
- registerCommands - registers commands to app. For detailed explanations, please refer Command documentations.
  
  If you specify channelId, you can issue token including permissions you selected on Channel section on step (2). In this case, make sure your app is installed on specified channel.
Response
```
{
	"accessToken": "{access-token}",
	"refreshToken": "{refresh-token}",
	"expiresIn": 1800,
}
```
fields notes required type
refreshToken refreshToken true string
accessToken accessToken false string
expiresIn seconds true int64

Your token is located on accessToken . See below for usage of refreshToken.

fields	notes	required	type
secret	App Secret	true	string
channelId	channelId if you want to specify chanenl	false	string

fields	notes	required	type
refreshToken	refreshToken	true	string
accessToken	accessToken	false	string
expiresIn	seconds	true	int64

refreshToken

method	PUT
endpoint	app-store-api.channel.io/general/v1/native/functions
notes	refresh token

Request

{
	"method": "refreshToken",
	"params": {
		"refreshToken": "{refresh-token}"
	}
}

params	notes
refreshToken	refreshToken you got on above step

Response

{
	"accessToken": "{access-token}",
	"refreshToken": "{refresh-token}",
	"expiresIn": 1800,
}

4. Using jwt Token

You can use jwt tokens on x-access-token http header when using Native Functions or Functions.

Example using x-access-token on Function calling)

PUT app-store-api.channel.io/general/v1/native/fucntions
x-access-token: "{token}"
...

{
	"method": "writeUserChatMessage"
	"params": { ... }
}