ACCESS_TOKEN VALIDATION
If you want to validate the access_token from your backend server, you can use the jwk endpoint.
Request :
Type | Endpoint |
---|---|
GET | https://api.accor.com/contacts/v1.0/jwk |
Parameters :
Headers | Value | Required |
---|---|---|
Apikey | The apikey value generated when you register your application. | Yes |
appId | The appId key value generated when you register your application. | Yes |
A JWK request returns a JSON object containing a list of JWK-standard public keys, which should be cached.
Example of request :
GET https://api.accor.com/contacts/v1.0/jwk
apikey: {your_apikey}
appId: {your_appId}
Example of response :
{
"keys": [{
"kid": "AAAA5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
"kty": "RSA",
"use": "sig",
"alg": "RS256",
"e": "AQAB",
"n": "kNk1gR4QZJgNT-titvKUL3Ck7jUmcu4AOwvqUNG0gappa3qSuMSPjT_ORC2ouvD-ZoRq0KdSVdhbfHpBwiA29K_GSUla9mvKGIndLWJoKrThNWg_rv_idYCQ6Yc5aLCDjKhcFX0SupNy7hN52QHMRQjTmpAJK4nu39gbPWIQtfnxYNZXz2dOHanXd4m7yRaL…"
}, {
"kid": "BBBB5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
"kty": "RSA",
"use": "sig",
"alg": "RS256",
"e": "AQAB",
"n": "oBj9M7242QKr-pwmMlmSubHz3qsnp2-7uQ01kCx5SGRKU_S7ldnRFXdKhf_PemGITv1UXWuVT7nJfw_3k7hngCU4zd-Iw6kb5Tbj2yyBtxYtl5po9OTC7u33E6gz6S54f3V9ji5PWWRUnjqm7qqVTADXfw41oAyuCcWjHELEPgVofaBrE702zkEijZ9R7WBuqVP8AZG9xYiIDFdw5pltnJU3_..."
}
]
}
ACCESS_TOKEN FORMAT
The token consists of three main parts separated with a . (period):
- header - Metadata about the token and its cryptographic algorithm
- payload - Claims about the issuer, the user and user authorization
- signature - For verification of the integrity of the token
To decode the token, base64url-decode each part. The decoded header and payload are JSON documents; the signature decodes to raw bytes.
Header :
Header | Value | Required |
---|---|---|
kid | Public identifier key | Yes |
alg | RS256 | Yes |
typ | JWT | Yes |
Payload :
Parameters | Value | Required |
---|---|---|
token_use | Two values depending on the token: access or refresh | Yes |
scp | List of access rights (scopes) | Yes |
client_id | The Accor appId | Yes |
pmid | Accor Id for customer | Yes |
contactid | Another Accor Id for customer | Yes |
exp | Expiration - Time when the token will expire | Yes |
Signature :
Parameters | Value | Required |
---|---|---|
string | Token signature | Yes |
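The backend validation described in the two sections above, as an added example (not Accor's code): it selects the cached JWK by kid, pins RS256, verifies the signature, and only then checks token_use, client_id and exp. It uses only the Python standard library so it runs offline; the function names, the treatment of exp as Unix seconds, and the rule that client_id must equal your own appId are assumptions.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(s: str) -> bytes:
    """base64url-decode, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def rs256_ok(jwk: dict, signed: bytes, sig: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 with SHA-256, checked against one RSA JWK."""
    n = int.from_bytes(b64u(jwk["n"]), "big")
    e = int.from_bytes(b64u(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    # Rebuild the full expected encoding and compare it whole, instead of
    # parsing the recovered block, so malformed padding cannot slip through.
    t = SHA256_PREFIX + hashlib.sha256(signed).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def validate_access_token(token: str, jwks: dict, app_id: str, now=None) -> dict:
    """Return the payload if every check passes; raise ValueError otherwise."""
    h64, p64, s64 = token.split(".")  # ValueError unless exactly three parts
    header, payload, sig = json.loads(b64u(h64)), json.loads(b64u(p64)), b64u(s64)
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        raise ValueError("header and payload must be JSON objects")
    # Pin the algorithm server-side; the token must not choose it.
    if header.get("alg") != "RS256" or not isinstance(header.get("kid"), str):
        raise ValueError("unexpected alg or missing kid")
    # Select the signing key by kid from the cached JWK list.
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == header["kid"]
                and k.get("kty") == "RSA" and k.get("use") == "sig"), None)
    if key is None:
        raise ValueError("unknown kid")
    if not rs256_ok(key, f"{h64}.{p64}".encode(), sig):
        raise ValueError("bad signature")
    # Claims are only trusted once the signature has verified.
    if payload.get("token_use") != "access":
        raise ValueError("not an access token")
    if payload.get("client_id") != app_id:
        raise ValueError("token issued for another appId")
    now = time.time() if now is None else now
    exp = payload.get("exp")  # assumed to be Unix seconds, as in standard JWTs
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    return payload
```

Pass the parsed JSON returned by the jwk endpoint as `jwks` and your registered appId as `app_id`; when a token carries a kid that is not in the cache, refresh the cached key list once before rejecting it.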