Security

Use HTTPS for your External Trans API webhook to ensure that fundamental security is in place.

Your product can be configured so that Galileo uses a JSON web token (JWT) to authenticate to your webhook. (Although it is optional, Galileo strongly recommends that you configure your product to use JWT.) A shared secret, known to both Galileo and your product, is used for encoding and decoding the token. The payload has the following claims:

  • iat — Issued at, in Unix epoch time
  • exp — Expiration time, in Unix epoch time
  • iss — Issuer; always galileo

The token is created using the following Python code:

import jwt  # PyJWT
from datetime import datetime, timedelta

secret = "<shared secret>"  # placeholder: the shared secret agreed with Galileo
payload = {
    'exp': datetime.utcnow() + timedelta(seconds=5),  # token is valid for 5 seconds
    'iat': datetime.utcnow(),
    'iss': 'galileo'
}
token = jwt.encode(payload, secret, algorithm='HS256')

where secret is the shared secret.

The token is included in the jwt field in the body of the request.

Security Example

This is the resulting token for exp = 1534274886 and iat = 1534274881, as it would appear in the request body:

{
    ...
    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnYWxpbGVvIiwiaWF0IjoxNTM0Mjc0ODgxLCJleHAiOjE1MzQyNzQ4ODZ9.1xUk4iNFGWLo01MyJUHXRlyrNlzwPvDMSXpN38TrblU"
}
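The receiving side of the exchange above, as an added example that is not Galileo's code: it mints an HS256 token the same way the page's jwt.encode call does and verifies one the way a webhook endpoint should, pinning the algorithm and checking the signature before trusting iat, exp or iss. Only the standard library is used so the checks are visible; the secret and the SKEW_SECONDS allowance are constructed values, not Galileo's.

```python
import base64
import hashlib
import hmac
import json
import time

SKEW_SECONDS = 2  # constructed clock-drift allowance; the token itself only lives 5 seconds

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def encode_hs256(payload: dict, secret: str) -> str:
    """Mint a token the way the page's jwt.encode(..., algorithm='HS256') does."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_webhook_jwt(token: str, secret: str, now=None) -> dict:
    """Return the claims if acceptable, else raise ValueError (alg and signature are checked before any claim is trusted)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64url or bad JSON
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the receiver, not the token, chooses the algorithm
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    iat, exp = (claims.get("iat"), claims.get("exp")) if isinstance(claims, dict) else (None, None)
    if not (isinstance(iat, int) and isinstance(exp, int) and iat - SKEW_SECONDS <= now < exp + SKEW_SECONDS):
        raise ValueError("iat/exp missing or token outside its window")
    if claims.get("iss") != "galileo":
        raise ValueError("unexpected issuer")
    return claims

def rejection_reason(token: str, secret: str, now=None):
    """None when the token is accepted, else the reason it was rejected (handy for logging)."""
    try:
        verify_webhook_jwt(token, secret, now)
    except ValueError as err:
        return str(err)
    return None
```

In production, rejected tokens should be logged with the reason and a 401 returned; a library such as PyJWT performs the same checks via jwt.decode(token, secret, algorithms=["HS256"], issuer="galileo").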