Authentication Tokens

Authentication Token Structure

The MOTAR API follows the OAuth2 standard as closely as possible. The following data is encoded as a MOTAR Bearer token and can be decoded and used by vendors as necessary.

  • issuer:

  • audience: for production tokens generated for usage, the issuer shall be For sandbox endpoints generated for usage, the issue shall be

  • subject: the platform user ID of the user account used to login and generated the token.

  • expiresIn: length of time in seconds the token will last before needing to be refreshed. Authentication tokens are configured to last 24 hours, or until the user logs out of the session represented by the token.

  • nonce: the nonce provided by the client during the /sign-in processes

  • jwtid: a unique identifier for the token.

Last updated