ACCESS_TOKEN VALIDATION
If you want to validate the access_token from your backend server, you can use the jwk endpoint.
Request :
| Type | Endpoint |
|---|---|
| GET | https://api.accor.com/contacts/v1.0/jwk |
Parameters :
| Headers | Value | Required |
|---|---|---|
| Apikey | The apikey value generated when you register your application. | Yes |
| appId | The appId key value generated when you register your application. | Yes |
A JWK request returns a JSON object containing a list of JWK-standard public keys, which should be cached. Verify the token signature with the key whose kid matches the kid in the token header.
Example of request :
GET https://api.accor.com/contacts/v1.0/jwk
apikey: {your_apikey}
appId: {your_appId}
Example of response :
{
  "keys": [
    {
      "kid": "AAAA5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
      "kty": "RSA",
      "use": "sig",
      "alg": "RS256",
      "e": "AQAB",
      "n": "kNk1gR4QZJgNT-titvKUL3Ck7jUmcu4AOwvqUNG0gappa3qSuMSPjT_ORC2ouvD-ZoRq0KdSVdhbfHpBwiA29K_GSUla9mvKGIndLWJoKrThNWg_rv_idYCQ6Yc5aLCDjKhcFX0SupNy7hN52QHMRQjTmpAJK4nu39gbPWIQtfnxYNZXz2dOHanXd4m7yRaL…"
    },
    {
      "kid": "BBBB5eXk4xyojNFum1kl2Ytv8dlNP4-c57dO6QGTVBwaNk",
      "kty": "RSA",
      "use": "sig",
      "alg": "RS256",
      "e": "AQAB",
      "n": "oBj9M7242QKr-pwmMlmSubHz3qsnp2-7uQ01kCx5SGRKU_S7ldnRFXdKhf_PemGITv1UXWuVT7nJfw_3k7hngCU4zd-Iw6kb5Tbj2yyBtxYtl5po9OTC7u33E6gz6S54f3V9ji5PWWRUnjqm7qqVTADXfw41oAyuCcWjHELEPgVofaBrE702zkEijZ9R7WBuqVP8AZG9xYiIDFdw5pltnJU3_..."
    }
  ]
}
ACCESS_TOKEN FORMAT
The token consists of three main parts separated with a . (period):
- header - Metadata about the token and its cryptographic algorithm
- payload - Claims about the issuer, the user and user authorization
- signature - For verification of the integrity of the token
To decode the token, you need to do a base64url decode of each part. The decoded parts will be represented as JSON content data.
Header :
| Header | Value | Required |
|---|---|---|
| kid | Public key identifier | Yes |
| alg | RS256 | Yes |
| typ | JWT | Yes |
Payload :
| Parameters | Value | Required |
|---|---|---|
| token_use | Two values depending on the token: access or refresh | Yes |
| scp | List of access rights (scopes) | Yes |
| client_id | The Accor appId | Yes |
| pmid | Accor Id for customer | Yes |
| contactid | Another Accor Id for customer | Yes |
| exp | Expiration - Time when the token will expire | Yes |
Signature :
| Parameters | Value | Required |
|---|---|---|
| string | Token signature | Yes |
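The backend-side check described above, as an added example (not Accor's code): it picks the JWK by kid, verifies the RS256 signature with the standard library only, then checks token_use, client_id and exp. The function names and the constructed demo key are hypothetical; it assumes client_id must equal your own appId and exp is Unix time in seconds.

```python
import base64, hashlib, json, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def validate_access_token(token, jwks, app_id, now=None):
    """Return the claims of a valid access token, raise ValueError otherwise."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = (json.loads(b64url_decode(x)) for x in (h64, p64))
        alg, kid, sig = header["alg"], header["kid"], b64url_decode(s64)
        use, cid, exp = claims["token_use"], claims["client_id"], claims["exp"]
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "RS256":  # pin the algorithm, never let the token pick it
        raise ValueError("unexpected alg")
    jwk = next((j for j in jwks["keys"] if j["kid"] == kid and j["kty"] == "RSA"), None)
    if jwk is None:  # caller can refresh its cached JWK set once and retry
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64url_decode(jwk[x]), "big") for x in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    signed = emsa(f"{h64}.{p64}".encode(), k)
    if len(sig) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != signed:
        raise ValueError("bad signature")
    if use != "access" or cid != app_id:  # assumption: client_id must equal your appId
        raise ValueError("not an access token for this appId")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired")  # assumption: exp is Unix time in seconds
    return claims

def demo_key_and_token(claims, kid="demo-kid"):
    """Constructed, insecure demo key (two Mersenne primes) and a token signed with it."""
    p, q, e, k = 2**521 - 1, 2**607 - 1, 65537, 141  # k: byte length of n = p*q
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    jwks = {"keys": [{"kid": kid, "kty": "RSA", "alg": "RS256",
                      "e": b64url_encode(e.to_bytes(3, "big")), "n": b64url_encode(n.to_bytes(k, "big"))}]}
    parts = [b64url_encode(json.dumps(x).encode()) for x in ({"kid": kid, "alg": "RS256", "typ": "JWT"}, claims)]
    sig = pow(int.from_bytes(emsa(".".join(parts).encode(), k), "big"), d, n)
    return jwks, ".".join(parts + [b64url_encode(sig.to_bytes(k, "big"))])
```

In a backend, pass the cached response of the jwk endpoint as `jwks` and your registered appId as `app_id`; `demo_key_and_token` exists only to produce offline sample input.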