1. Obtain Your API Key

Navigate to Settings -> Advanced Settings and copy your API key. This key is essential for authenticating your API requests.

Account settings

Important! Your API key is unique and must be kept secure in your server.

Don't have an account yet?

Start by creating and setting up an account on Masivo to obtain your API key.

2. Authorize Your API Key

To obtain an access token, use your API key. Send a GET request to the /auth/authorize endpoint with the API key included in the x-api-key header.

Remember that each token lasts for one hour, call the auth endpoint again to update the token.

const response = await fetch("https://api.masivo.ai/auth/authorize", {
  method: "GET",
  headers: { "x-api-key": /* YOUR-API-KEY-HERE */ }
});

3. Use the Access Token

Once you have an access token, use it in all requests that require authentication. The access token will grant you permissions to access and modify the scope of your account.

const response = await fetch(
  "https://app.masivo.ai/api/storefront/v1/rewards",
  {
    method: "GET",
    headers: { Authorization: `Bearer ${accessToken}` }
  }
);

4. Checking the access token expiration

const response = await decodeJwt(accessToken);
const { exp } = response.payload;
const expired = Date.now() >= exp;

if (expired) {
  // refresh access token
} else {
  // continue
}

Full example

import { decodeJwt } from "jose";

const baseUrl = "https://api.masivo.ai/api/storefront/v1";
let accessToken;

// Get an access token that is safe to use
const getBearerToken = async () => {
  const decoded = accessToken ? await decodeJwt(accessToken) : undefined;
  const { exp = 0 } = decoded?.payload ?? {};
  // 5 minutes before it actually expires
  const expirationTime = exp * 1000 - 5 * 60 * 1000;
  const expired = Date.now() >= expirationTime;
  const refreshToken = !accessToken || expired;
  if (!refreshToken) return `Bearer ${accessToken}`;
  const url = `${baseUrl}/auth/authorize`;
  const headers = new Headers();
  headers.set("x-api-key", process.env.API_KEY);
  const res = await fetch(url, { headers });
  access_token = (await res.json()).data;
  return `Bearer ${accessToken}`;
};

// Use this token as an authorization header in each subsequent api call
const token = await getBearerToken();

// Your code...