Getting your API Key

This guide explains how to:

  • Get your API key for Rollout’s universal API

  • Generate an auth token

Step 1: Get a Client ID and Secret

Email us at [email protected] to get a Client ID and Client Secret.

Never include your Client Secret in your source code or send it to your front-end. If you believe your Secret has been compromised, please contact us immediately at [email protected].

Step 2: Generate an Auth Token

Once you have a Client ID and Client Secret, you can generate an authToken. The authToken is a JSON Web Token (JWT), which is a secure, short-lived token used to authenticate your app with the Rollout API and UI components.

In the authToken you will also embed a unique ID to identify your user (this could be an agent’s user ID or a brokerage’s user ID or any other user entity).

Here is how to generate your authToken:

const jwt = require('jsonwebtoken');

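/**
 * Generate a signed Rollout authToken (JWT, HS512) that expires in 15 minutes.
 *
 * Call this on the server only: it reads the Client Secret from the
 * environment, and that secret must never be shipped to front-end code.
 *
 * @param {string} userId - Identifier of the user the token is issued for (the `sub` claim)
 * @returns {string} Signed JWT
 * @throws {Error} If ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is not set, or userId is empty
 */
function generateToken(userId) {
  const clientId = process.env.ROLLOUT_CLIENT_ID;
  const clientSecret = process.env.ROLLOUT_CLIENT_SECRET;

  // Fail closed on missing configuration: an undefined `iss` would otherwise be
  // dropped when the payload is serialised as JSON, yielding a token with no issuer.
  if (!clientId || !clientSecret) {
    throw new Error('ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set');
  }
  // A token without a subject identifies nobody; reject it before signing.
  if (userId === undefined || userId === null || userId === '') {
    throw new Error('userId is required');
  }

  // Read the clock once so that exp is exactly iat + 900 seconds.
  const issuedAt = Math.floor(Date.now() / 1000);

  return jwt.sign(
    {
      iss: clientId,
      sub: userId,
      iat: issuedAt,
      exp: issuedAt + 900 // expires in 15 minutes
    },
    clientSecret,
    { algorithm: 'HS512' }
  );
}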


Example usage:

// 'user123' is a sample value; on a real server pass the ID of the user your app has already authenticated.
const token = generateToken('user123');
import jwt
import time
import os

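def generate_token(user_id: str) -> str:
    """Generate a signed Rollout authToken (JWT, HS512) that expires in 15 minutes.

    Call this on the server only: it reads the Client Secret from the
    environment, and that secret must never be shipped to front-end code.

    Args:
        user_id: Identifier of the user the token is issued for (the ``sub`` claim).

    Returns:
        The encoded JWT.

    Raises:
        RuntimeError: If ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is not set.
        ValueError: If user_id is empty.
    """
    client_id = os.environ.get("ROLLOUT_CLIENT_ID")
    client_secret = os.environ.get("ROLLOUT_CLIENT_SECRET")

    # Fail closed on missing configuration instead of handing None to the
    # signing library as the issuer or the key.
    if not client_id or not client_secret:
        raise RuntimeError(
            "ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set"
        )
    # A token without a subject identifies nobody; reject it before signing.
    if not user_id:
        raise ValueError("user_id is required")

    # Read the clock once so that exp is exactly iat + 900 seconds.
    issued_at = int(time.time())

    return jwt.encode(
        {
            "iss": client_id,
            "sub": user_id,
            "iat": issued_at,
            "exp": issued_at + 900,  # 15 minutes
        },
        client_secret,
        algorithm="HS512",
    )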
require 'jwt'

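# Generate a signed Rollout authToken (JWT, HS512) that expires in 15 minutes.
#
# Call this on the server only: it reads the Client Secret from the
# environment, and that secret must never be shipped to front-end code.
#
# user_id - identifier of the user the token is issued for (the `sub` claim)
#
# Returns the encoded JWT as a String.
# Raises KeyError if ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is unset,
# ArgumentError if either is empty or user_id is missing.
def generate_token(user_id)
  # ENV.fetch raises KeyError for an unset variable, so a nil issuer or a nil
  # signing key is never handed to the JWT library.
  client_id = ENV.fetch('ROLLOUT_CLIENT_ID')
  client_secret = ENV.fetch('ROLLOUT_CLIENT_SECRET')

  if client_id.empty? || client_secret.empty?
    raise ArgumentError, 'ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must not be empty'
  end
  # A token without a subject identifies nobody; reject it before signing.
  raise ArgumentError, 'user_id is required' if user_id.nil? || user_id.to_s.empty?

  issued_at = Time.now.to_i

  claims = {
    iss: client_id,
    sub: user_id,
    iat: issued_at,
    exp: issued_at + 900 # 15 minutes
  }

  JWT.encode(claims, client_secret, 'HS512')
end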
<?php

require 'vendor/autoload.php';

use Firebase\JWT\JWT;

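/**
 * Generate a signed Rollout authToken (JWT, HS512) that expires in 15 minutes.
 *
 * Call this on the server only: it reads the Client Secret from the
 * environment, and that secret must never be shipped to front-end code.
 *
 * @param string $userId Identifier of the user the token is issued for (the `sub` claim)
 * @return string Encoded JWT
 * @throws \RuntimeException If ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is not set
 * @throws \InvalidArgumentException If $userId is empty
 */
function generateToken($userId) {
    $clientId = getenv('ROLLOUT_CLIENT_ID');
    $clientSecret = getenv('ROLLOUT_CLIENT_SECRET');

    // getenv() returns false for an unset variable; fail closed rather than
    // passing false on as the issuer or as the signing key.
    if ($clientId === false || $clientId === '' || $clientSecret === false || $clientSecret === '') {
        throw new \RuntimeException('ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set');
    }
    // A token without a subject identifies nobody; reject it before signing.
    if ($userId === null || $userId === '') {
        throw new \InvalidArgumentException('userId is required');
    }

    $issuedAt = time();

    $claims = [
        'iss' => $clientId,
        'sub' => $userId,
        'iat' => $issuedAt,
        'exp' => $issuedAt + 900 // 15 minutes
    ];

    return JWT::encode($claims, $clientSecret, 'HS512');
}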

Requirements (Composer):

{
    "require": {
        "firebase/php-jwt": "^6.0"
    }
}

Install with:

composer require firebase/php-jwt
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.time.Instant;
import java.util.Date;

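/**
 * Builds Rollout authTokens (HS512-signed JWTs).
 *
 * Use this on the server only: it reads the Client Secret from the
 * environment, and that secret must never be shipped to front-end code.
 */
public class TokenGenerator {
    /**
     * Generate a signed authToken that expires in 15 minutes.
     *
     * @param userId identifier of the user the token is issued for (the {@code sub} claim)
     * @return the compact, signed JWT
     * @throws IllegalStateException if ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is not set
     * @throws IllegalArgumentException if userId is null or empty
     */
    public static String generateToken(String userId) {
        String clientId = System.getenv("ROLLOUT_CLIENT_ID");
        String clientSecret = System.getenv("ROLLOUT_CLIENT_SECRET");

        // Fail closed on missing configuration instead of building a token
        // with a null issuer or attempting to sign with a null key.
        if (clientId == null || clientId.isEmpty()
                || clientSecret == null || clientSecret.isEmpty()) {
            throw new IllegalStateException(
                "ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set");
        }
        // A token without a subject identifies nobody; reject it before signing.
        if (userId == null || userId.isEmpty()) {
            throw new IllegalArgumentException("userId is required");
        }

        // In jjwt 0.9.1, signWith(SignatureAlgorithm, String) Base64-decodes its
        // argument before using it as the key. Passing the raw UTF-8 bytes keeps
        // this sample signing with the same key material as the other language
        // samples, which all use the secret's bytes directly.
        byte[] keyBytes = clientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        Instant issuedAt = Instant.now();
        Instant expiresAt = issuedAt.plusSeconds(900); // 15 minutes

        return Jwts.builder()
            .setIssuer(clientId)
            .setSubject(userId)
            .setIssuedAt(Date.from(issuedAt))
            .setExpiration(Date.from(expiresAt))
            .signWith(SignatureAlgorithm.HS512, keyBytes)
            .compact();
    }
}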


Dependencies (Maven):

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using System.Text;

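/// <summary>
/// Generate a signed Rollout authToken (JWT, HS512) that expires in 15 minutes.
/// Call this on the server only: it reads the Client Secret from the
/// environment, and that secret must never be shipped to front-end code.
/// </summary>
/// <param name="userId">Identifier of the user the token is issued for (the sub claim).</param>
/// <returns>The serialized, signed JWT.</returns>
/// <exception cref="InvalidOperationException">ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is not set.</exception>
/// <exception cref="ArgumentException">userId is null or empty.</exception>
public static string GenerateToken(string userId)
{
    var clientId = Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_ID");
    var secret = Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_SECRET");

    // Fail closed on missing configuration with a message that names the
    // variables, instead of a null-argument failure deep inside key creation.
    if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException(
            "ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set");
    }
    // A token without a subject identifies nobody; reject it before signing.
    if (string.IsNullOrEmpty(userId))
    {
        throw new ArgumentException("userId is required", nameof(userId));
    }

    var now = DateTimeOffset.UtcNow;
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512);

    // UtcDateTime has Kind = Utc, whereas DateTimeOffset.DateTime has
    // Kind = Unspecified and can be shifted by the server's time zone when it
    // is later converted to epoch seconds.
    // NOTE(review): the payload is built explicitly because iat is set through
    // JwtPayload's issuedAt argument; confirm that the JwtSecurityToken
    // convenience constructor in your package version accepts issuedAt before
    // reverting to the shorter form.
    var payload = new JwtPayload(
        issuer: clientId,
        audience: null,
        claims: new[] { new System.Security.Claims.Claim("sub", userId) },
        notBefore: null,
        expires: now.AddMinutes(15).UtcDateTime,
        issuedAt: now.UtcDateTime);

    var token = new JwtSecurityToken(new JwtHeader(credentials), payload);
    return new JwtSecurityTokenHandler().WriteToken(token);
}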

NuGet Package:

<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
package main

import (
   "errors"
   "os"
   "time"

   "github.com/golang-jwt/jwt/v5"
)

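// generateToken returns a signed Rollout authToken (JWT, HS512) that expires
// in 15 minutes, with userId as the "sub" claim.
//
// Call it on the server only: it reads the Client Secret from the
// environment, and that secret must never be shipped to front-end code.
//
// It returns an error when ROLLOUT_CLIENT_ID or ROLLOUT_CLIENT_SECRET is
// unset or empty, when userId is empty, or when signing fails.
func generateToken(userId string) (string, error) {
	clientID := os.Getenv("ROLLOUT_CLIENT_ID")
	clientSecret := os.Getenv("ROLLOUT_CLIENT_SECRET")

	// os.Getenv returns "" for an unset variable. Signing is not guaranteed to
	// reject an empty HMAC key, so refuse here rather than risk issuing a
	// token signed with no secret at all.
	if clientID == "" || clientSecret == "" {
		return "", errors.New("ROLLOUT_CLIENT_ID and ROLLOUT_CLIENT_SECRET must be set")
	}
	// A token without a subject identifies nobody; reject it before signing.
	if userId == "" {
		return "", errors.New("userId is required")
	}

	issuedAt := time.Now()
	claims := jwt.MapClaims{
		"iss": clientID,
		"sub": userId,
		"iat": issuedAt.Unix(),
		"exp": issuedAt.Add(15 * time.Minute).Unix(),
	}

	return jwt.NewWithClaims(jwt.SigningMethodHS512, claims).SignedString([]byte(clientSecret))
}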

Install with:

go get github.com/golang-jwt/jwt/v5

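Remember to always generate your authToken on your server in order to keep your Client Secret secure. The best practice is to create a route in your web app or endpoint in your API to generate a Rollout token and then fetch that from your front end. That route should sit behind your app's own authentication and take the user ID from the signed-in session rather than from a request parameter, so that a caller cannot obtain a token for a different user.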