Closed TomoLV closed 4 years ago
Hello @TomoLV ,
It is not possible to do this. I have some questions reagarding this:
Best, @prempador
@prempador Thank you for such a fast response.
Here are answers to your questions:
access_token
and refresh_token
(backend is managing the tokens and simply passes them via this endpoint)@TomoLV
backend is managing the tokens and simply passes them via this endpoint
So your backend (or the clients backend) is doing authorization with our auth endpoints, with the credentials saved in your backend.
Currently it is client's preference not to expose the Key-Pair due to security concerns
Same should be said about AT and RT
@prempador That's correct.
We've come to a conclusion that API Key/Secret pair (instead of AT/RT) is going to be exposed by the client's backend.
While integrating
fiskaly-sdk-swift
with our client's app it turned out that they would prefer not to haveAPI_KEY
andAPI_SECRET
exposed to the iOS application. Because of that, I have a question regarding request authentication:Is it possible to initialize
FiskalyHttpClient
without providingAPI_KEY
andAPI_SECRET
and authenticate each request by adding access_token (received from our client's backend) to the headers as["Authorization", "Bearer {{access_token}}"]
?UPDATE: I've tried to accomplish that by initializing
FiskalyHttpClient(apiKey: "dummy_key", apiSecret: "dummy_secret", baseUrl: "https://kassensichv.io/api/v1/")
and then adding authorization header to the request as described above.As a result I'm getting following error:
{"status_code":401,"error":"Method Not Allowed","message":"Invalid credentials"}