Validate Sandbox Token
During the development of your integration, you will want to validate and check if the JWT token you are generating is valid. This endpoint allows you to check that a JWT your system has generated is valid. This endpoint only works with your SANDBOX credentials - LIVE credentials will be rejected.
Endpoint
- Base Url:
https://poweredby.dosh.com - Path:
/api/auth/token/validate-sandbox - Method:
POST - Content-Type:
application/json
Request Body Format
| Field | Required | Example | Description |
|---|---|---|---|
| secretKey | Yes | 4b990ed8-fde8-4409-9aa7-d710e44cf66b | This is the Secret Key used to sign the JWT token. |
| token | Yes | eyJhbGciOiJIUzI1NiIsIn... | The generated JWT token that need to be validated towards Powered By auth mechanism |
1 2 3 4 | |
Security
The endpoints you expose and that Cardlytics exposes are available over the public internet. To validate that the request originated from an authenticated client, all requests include a JWT which attests to the authenticity of the request. For more details, see: the API Reference: Overview: Cardlytics JWT Authorization Token.
HTTP Conventions
Cardlytics's API endpoints and webhooks adhere to standard HTTP status codes.
Below are the response codes that you may see when calling Cardlytics endpoints and webhooks.
| HTTP Response Code | Description |
|---|---|
200 OK |
Success. The request is understood and acknowledged. The body of the response may indicate additional context or error conditions. |
301 Moved Permanently302 Found |
Cardlytics does not currently require clients to handle redirects. For future proofing, following 1 redirect for a request to Cardlytics is recommended |
401 Unauthorized |
Request does not include required credentials |
403 Forbidden |
Caller is not allowed to invoke the endpoint |
404 Not Found |
Cardlytics cannot locate the resource requested |
405 Method Not Allowed |
Cardlytics does not support the HTTP method requested. Note that most Cardlytics endpoints support POST only |
415 Unsupported Media Type |
Cardlytics does not understand the body of the request. Note that most Cardlytics endpoints support application/json only |
429 Too Many Requests |
Cardlytics is throttling requests from your client. Note that Cardlytics tries to never respond with this response code but may under extreme circumstances |
500 Internal Server Error |
An unknown or not-handled error |
501 Not Implemented |
Endpoint does not understand the request passed |
503 Service Unavailable |
The specific service is down for maintenance or other reasons |