Create a New Project

Generate unique credentials for your project to authenticate future API calls.

Endpoint

POST /root/create

Headers

Name	Type	Required	Description
Authorization	string	Yes	The `root-key` of the project.

Example Request

curl --request POST \
--url http://{{you-endpoint}}:{{your-port}}/root/create \
--header 'Authorization: {{root-key}}' \
--header 'content-type: application/json' \
--data '{
"name":"app_1",
"description":"description",
"token_expire": 3600,
"token_notbefore":0,
"refresh_expire": 7200,
"refresh_notbefore" : 3000,
"algo":"ES256",
"key_type": "ECDSA",
"rotation_period": 31536000
}'

const request = require('request');

const options = {
    method: 'POST',
    url: 'http://{{you-endpoint}}:{{your-port}}/root/create',
    headers: {Authorization: '{{root-key}}', 'content-type': 'application/json'},
    body: {
    name: 'app_1',
    description: 'description',
    token_expire: 3600,
    token_notbefore: 0,
    refresh_expire: 7200,
    refresh_notbefore: 3000,
    algo: 'ES256',
    key_type: 'ECDSA',
    rotation_period: 31536000
    },
    json: true
};

request(options, function (error, response, body) {
    if (error) throw new Error(error);

    console.log(body);
});

import requests

url = "http://{{you-endpoint}}:{{your-port}}/root/create"

payload = {
    "name": "app_1",
    "description": "description",
    "token_expire": 3600,
    "token_notbefore": 0,
    "refresh_expire": 7200,
    "refresh_notbefore": 3000,
    "algo": "ES256",
    "key_type": "ECDSA",
    "rotation_period": 31536000
}
headers = {
    "Authorization": "{{root-key}}",
    "content-type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())

<?php
$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'http://{{you-endpoint}}:{{your-port}}/root/create', [
    'body' => '{
    "name":"app_1",
    "description":"description",
    "token_expire": 3600,
    "token_notbefore":0,
    "refresh_expire": 7200,
    "refresh_notbefore" : 3000,
    "algo":"ES256",
    "key_type": "ECDSA",
    "rotation_period": 31536000
}',
    'headers' => [
    'Authorization' => '{{root-key}}',
    'content-type' => 'application/json',
    ],
]);

echo $response->getBody();

package main

import (
    "fmt"
    "strings"
    "net/http"
    "io"
)

func main() {

    url := "http://{{you-endpoint}}:{{your-port}}/root/create"

    payload := strings.NewReader("{\n  \"name\":\"app_1\",\n  \"description\":\"description\",\n  \"token_expire\": 3600,\n  \"token_notbefore\":0,\n  \"refresh_expire\": 7200,\n  \"refresh_notbefore\" : 3000,\n  \"algo\":\"ES256\",\n  \"key_type\": \"ECDSA\",\n  \"rotation_period\": 31536000\n}")

    req, _ := http.NewRequest("POST", url, payload)

    req.Header.Add("Authorization", "{{root-key}}")
    req.Header.Add("content-type", "application/json")

    res, _ := http.DefaultClient.Do(req)

    defer res.Body.Close()
    body, _ := io.ReadAll(res.Body)

    fmt.Println(res)
    fmt.Println(string(body))

}

AsyncHttpClient client = new DefaultAsyncHttpClient();
client.prepare("POST", "http://{{you-endpoint}}:{{your-port}}/root/create")
    .setHeader("Authorization", "{{root-key}}")
    .setHeader("content-type", "application/json")
    .setBody("{\n  \"name\":\"app_1\",\n  \"description\":\"description\",\n  \"token_expire\": 3600,\n  \"token_notbefore\":0,\n  \"refresh_expire\": 7200,\n  \"refresh_notbefore\" : 3000,\n  \"algo\":\"ES256\",\n  \"key_type\": \"ECDSA\",\n  \"rotation_period\": 31536000\n}")
    .execute()
    .toCompletableFuture()
    .thenAccept(System.out::println)
    .join();

client.close();

Request Fields

Field	Type	Required	Description
name	string	Yes	The name of the application.
description	string	No	A brief description of the application.
token_expiry	int	Yes	The time (in seconds) after an issued token expires.
token_notbefore	int	Yes	The time (in seconds) a token becomes valid after issuance.
refresh_expiry	int	Yes	The expiration time (in seconds) for refresh tokens.
refresh_notbefore	int	Yes	The time (in seconds) before a refresh token becomes valid after issuance.
key_type	string enum (RSA,ECDSA)	Yes	The cryptographic key type.
algo	string enum (RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512)	Yes	The JWT signing algorithm.
rotation_period	int	Yes	The period (in seconds) after which cryptographic keys should be rotated.

Example Success Response

{
"algo": "ES256",
"app_id": "01JMTZ5WC6WDGKK1ZG6FD6SRJ6",
"app_key": "zavFhalFT6pYCJRXQfakV6+CWE6888D6Fj00PXdF8NRo7qOohBj9GnPy7z8ADEjxJngcz4CSE7Z5KbE8dx5h17ObGwXevDB8pwiv4zdkKpJ4+1KgvDJvSri+nxQ29Dhw",
"public_key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFSWdTSlcwY3M5WkZ6OFpzZjRmL0JOaERkWWJ3QwpuVDg1ekNscGNqSWp5YW5ySWZxQnkxS3NNQ2Z0TUFSSS94REhySEVKUW9UMm9TTFA5c0hNbTErZHFBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=="
}

Response Fields

Field	Type	Description
algo	string	Your selected algo for the JWT signing and verification.
app_id	string	Unique identifier in ULID format for the created project.
app_key	string	The secret key used for APP API authentication.
public_key	string	The base64 encode public key associated with the project for for frontend JWT verification.

Responses

Status Code	Description
200 Ok	Success
400 Bad Request	Mostly when the form validation fails. The error will be returned as a response.
403 Access Denied	When the provided root key in Authorization header is invalid.
500 Internal Server Error	Mostly because of the database error. Check the log for root cause details.