eHUB Provider API Security

1. Home
2. Adding a new media provider
3. eHUB Provider API Guide
4. eHUB Provider API Security

The eHUB API uses the standard JSON Web Token (JWT) Authorization header to pass the authentication information. JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. Please see the JWT documentation.

The following JWT claims are in use by eHUB:

• name (public, optional) - patron name
• birth date (private, optional) - patron birth name (ISO date format)
• email (public, optional) - patron email
• iat (public, mandatory) - issued at (time in seconds since epoch see Epoch & Unix Timestamp Conversion Tools)
• exp (public, optional) - expires at (time in seconds since epoch see Epoch & Unix Timestamp Conversion Tools)
• iss (public, mandatory) - site id as provided by the content provider
• patronId (private, optional) - patron id
• libraryCard (private, optional) - patron library card
• ehubConsumerId (private, required) - ehub consumer id.

The Authorization header has the following form.

Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaHViQ29uc3VtZXJJZCI6MywicGF0cm9uSWQiOiJwYXRyb25JZCIsImlzcyI6InNpdGVJZCIsImxpYnJhcnlDYXJkIjoibGlicmFyeUNhcmQiLCJpYXQiOjE0OTQ0OTk1MjQsImVtYWlsIjoid29zQGF4aWVsbC5jb20ifQ.i2HZMtE-UWo19gSCC3r2Tu3FeHfJUZ2kXW1K-J8vPLA

The above authorization header can be decoded into the following JSON object (please use the JWT Debugger):

{
  "ehubConsumerId": 3,
  "patronId": "patronId",
  "iss": "siteId",
  "libraryCard": "libraryCard",
  "iat": 1494499524,
  "email": "wos@axiell.com"
}

The secret key used in the above example was: c2VjcmV0S2V5 (base64 encoded)