Authentication

Getting your token

Use your API key and secret to obtain a JWT token by calling the Login API.
If you don't specify a validity time, this token will allow you to call byrd APIs during the next 7 days.

API description: LoginAPIV2

{
  "username": "your_api_key",
  "password": "your_secret"
}
{
  "token": "<JWT TOKEN>",
  "payload": {
    "iat": 1540912444,
    "exp": 1541517244,
    "aud": "api.getbyrd.com",
    "jti": "UUID",
    "nbf": 1540912444,
    "loc": [
      "UUID"
    ],
    "sub": "UUID",
    "iss": "api.getbyrd.com",
    "role": "customer"
  }
}

Using the token in your API calls

Call any other byrd APIs including the token in the Authorization header with the word Bearer, like this:

Authorization: Bearer <JWT TOKEN>

❗️

Treat tokens with care. Never share tokens with other users or applications. Do not publish tokens in public code repositories, logs, emails or instant messages.

Rate limit for the login endpoint

The login endpoint allows a maximum of five calls per minute. If the frequency exceeds five calls per minute, any call from the same client IP or User Agent will be blocked.

📘

Ensure your integration saves the token internally and uses it until it expires. Depending on your shipment volume, calling the login endpoint every time you need to call any other endpoint can easily reach the five calls per minute limit and, therefore, any call is blocked.