Security

Use HTTPS for your External Trans API webhook to ensure that fundamental security is in place.

Your product can be configured so that Galileo uses a JSON web token (JWT) for authenticating with your webhook. (Although it is optional, Galileo strongly recommends that you configure your product to use JWT.) A shared secret is also used for encoding and decoding the token. The payload has the following claims:

  • iat — Issued at, in Unix epoch time
  • exp — Expiration time, in Unix epoch time
  • iss — galileo

The token is created using the following Python code:

import jwt
from datetime import datetime, timedelta
payload = {
    'exp': datetime.utcnow() + timedelta(seconds=5),
    'iat': datetime.utcnow(),
    'iss': 'galileo'
}
token = jwt.encode(payload, secret, algorithm='HS256')

where secret is the shared secret.

The token is included in the jwt field in the body of the request.

Security Example

This is the result when exp = 1534274886 and iat = 1534274881 as it would appear in the request body:

{
    ...
    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnYWxpbGVvIiwiaWF0IjoxNTM0Mjc0ODgxLCJleHAiOjE1MzQyNzQ4ODZ9.1xUk4iNFGWLo01MyJUHXRlyrNlzwPvDMSXpN38TrblU"
}
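A receiver-side check for the jwt field described above, as an added example (not Galileo's code). It uses only the Python standard library; the function names, the constructed secret in the test helper, and the 2-second clock-skew leeway are assumptions.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret, alg="HS256"):
    # Helper (assumption): builds constructed test input shaped like the sender's token.
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signed = enc({"alg": alg, "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(secret, signed.encode(), hashlib.sha256).digest()
    return signed + "." + b64url_encode(sig)

def verify_webhook_jwt(body, secret, now=None, leeway=2):
    """Return the claims when body['jwt'] is valid; raise ValueError otherwise."""
    now = time.time() if now is None else now
    token = body.get("jwt")
    if not isinstance(token, str) or token.count(".") != 2:
        raise ValueError("missing or malformed jwt field")
    signed, _, sig_b64 = token.rpartition(".")
    head_b64, claims_b64 = signed.split(".")
    try:
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("undecodable token") from None
    # Pin the algorithm: never let the token header choose (blocks alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, signed.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    try:  # claims are parsed only after the signature has been checked
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError:
        raise ValueError("undecodable claims") from None
    if not isinstance(claims, dict) or claims.get("iss") != "galileo":
        raise ValueError("unexpected issuer")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not all(isinstance(v, (int, float)) for v in (exp, iat)):
        raise ValueError("exp and iat must be numeric")
    if now > exp + leeway:
        raise ValueError("token expired")
    if iat > now + leeway:
        raise ValueError("token issued in the future")
    return claims
```

With PyJWT, `jwt.decode(token, secret, algorithms=['HS256'], issuer='galileo')` performs the same signature, expiry and issuer checks.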

Galileo Financial Technologies, LLC 2024
