The eHUB API uses the standard JSON Web Token (JWT) Authorization header to pass the authentication information. JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. Please see the JWT documentation.
The following JWT claims are in use by eHUB:
The Authorization header has the following form.
Bearer
eyJhbGciOiJIUzI1NiJ9.eyJlaHViQ29uc3VtZXJJZCI6MTM5NjMsInBpbiI6IjExMTEiLCJwYXRyb25JZCI6IjMzMjc1YThhYTQ4ZWE5MThiZDUzYTkxODFhYTk3NWYxNWFiMGQwNjQ1Mzk4ZjU5MThhMDA2ZDA4Njc1YzFjYjI3ZDVjNjQ1ZGJkMDg0ZWVlNTZlNjc1ZTI1YmE0MDE5ZjJlY2VhMzdjYTllMjk5NWI0OWZjYjEyYzA5NmEwMzJlIiwibGlicmFyeUNhcmQiOiIxMTExIiwiaWF0IjoxNDkzODAyMDI1fQ.890Y-IyepLl-5p040V8ARV-SARh5UjeClC1kAHlWN4E
The above authorization header can be decoded into the following JSON object (please use the JWT Debugger):
{ "ehubConsumerId": 13963, "pin": "1111", "patronId": "33275a8aa48ea918bd53a9181aa975f15ab0d0645398f5918a006d08675c1cb27d5c645dbd084eee56e675e25ba4019f2ecea37ca9e2995b49fcb12c096a032e", "libraryCard": "1111", "iat": 1493802025 }
The secret key used in the above example was: c2VjcmV0S2V5 (base64 encoded)