Getting your API Key
This guide explains how to:
-
Get your API key for Rollout’s universal API
-
Generate an auth token
Step 1: Get a Client ID and SecretCopied!
Email us at [email protected] to get a Client ID and Client Secret.
Never include your Client Secret in your source code or send it to your front-end. If you believe your Secret has been compromised, please contact us immediately at [email protected].
Step 2: Generate an Auth TokenCopied!
Once you have a Client ID and Client Secret, you can generate an authToken
. The authToken
is a JSON Web Token (JWT), which is a secure, short-lived token used to authenticate your app with the Rollout API and UI components.
In the authToken
you will also embed a unique ID to identify your user (this could be an agent’s user ID or a brokerage’s user ID or any other user entity).
Here is how to generate your authToken
const jwt = require('jsonwebtoken');
/**
* Generate a JWT token that expires in 15 minutes
* @param {string} userId - User identifier
* @returns {string} JWT token
*/
function generateToken(userId) {
const now = Math.floor(Date.now() / 1000);
return jwt.sign({
iss: process.env.ROLLOUT_CLIENT_ID,
sub: userId,
iat: now,
exp: now + 900 // expires in 15 minutes
},
process.env.ROLLOUT_CLIENT_SECRET,
{ algorithm: 'HS512' });
}
Example usage:
const token = generateToken('user123');
import jwt
import time
import os
def generate_token(user_id: str) -> str:
"""Generate a JWT token that expires in 15 minutes"""
return jwt.encode(
{
"iss": os.environ.get("ROLLOUT_CLIENT_ID"),
"sub": user_id,
"iat": int(time.time()),
"exp": int(time.time()) + 900 # 15 minutes
},
os.environ.get("ROLLOUT_CLIENT_SECRET"),
algorithm="HS512"
)
require 'jwt'
def generate_token(user_id)
now = Time.now.to_i
JWT.encode({
iss: ENV['ROLLOUT_CLIENT_ID'],
sub: user_id,
iat: now,
exp: now + 900 # 15 minutes
},
ENV['ROLLOUT_CLIENT_SECRET'],
'HS512')
end
<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
function generateToken($userId) {
$now = time();
$payload = [
'iss' => getenv('ROLLOUT_CLIENT_ID'),
'sub' => $userId,
'iat' => $now,
'exp' => $now + 900 // 15 minutes
];
return JWT::encode($payload, getenv('ROLLOUT_CLIENT_SECRET'), 'HS512');
}
Requirements (Composer):
{
"require": {
"firebase/php-jwt": "^6.0"
}
}
Install with:
composer require firebase/php-jwt
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.time.Instant;
import java.util.Date;
public class TokenGenerator {
public static String generateToken(String userId) {
Instant now = Instant.now();
return Jwts.builder()
.setIssuer(System.getenv("ROLLOUT_CLIENT_ID"))
.setSubject(userId)
.setIssuedAt(Date.from(now))
.setExpiration(Date.from(now.plusSeconds(900))) // 15 minutes
.signWith(SignatureAlgorithm.HS512, System.getenv("ROLLOUT_CLIENT_SECRET"))
.compact();
}
}
Dependencies (Maven):
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using System.Text;
public static string GenerateToken(string userId)
{
var now = DateTimeOffset.UtcNow;
var secret = Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_SECRET");
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
return new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
issuer: Environment.GetEnvironmentVariable("ROLLOUT_CLIENT_ID"),
claims: new[] { new System.Security.Claims.Claim("sub", userId) },
issuedAt: now.DateTime,
expires: now.AddMinutes(15).DateTime,
signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha512)
));
}
NuGet Package:
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.0.0" />
package main
import (
"os"
"time"
"github.com/golang-jwt/jwt/v5"
)
func generateToken(userId string) (string, error) {
now := time.Now()
token := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
"iss": os.Getenv("ROLLOUT_CLIENT_ID"),
"sub": userId,
"iat": now.Unix(),
"exp": now.Add(15 * time.Minute).Unix(),
})
return token.SignedString([]byte(os.Getenv("ROLLOUT_CLIENT_SECRET")))
}
Install with:
go get github.com/golang-jwt/jwt/v5
Remember to always generate your authToken
on your server in order to keep your Client Secret secure. The best practice is to create a route in your web app or endpoint in your API to generate a Rollout token and then fetch that from your front end.