Configuration
Overview
To use the SDK effectively, you need to provide configuration and authentication parameters. This guide outlines how to configure and authnticate the SDK according to your needs.
The SDK requires two key sets of parameters for setup: general configuration and authentication.
const sdk = createSkyPathSDK({
...generalConfig, // General parameters
...authConfig, // Authentication parameters
});
General Parameters 🌐
- proxyUrl (Optional): Specifying the SkyPath API proxy URL. If not provided, the default base URL will be used for accessing the SkyPath API. Base API url is defined internally by the SDK based on the environment (see below).
- environment (Optional): Specifying the environment to use. The SDK supports the following environments:
local,development,stagingandproduction. If not provided, the default environment isstaging. - applicationId (Optional): Specifying the application ID.
Authentication Parameters 🔑
In order to use SkyPath platform, you are required to state the current userId (e.g. 'user123') and companyName (e.g. 'AirlineInc').
This is done by authenticating the user with the SkyPath SDK.
For security purposes, it is recommended to be able to update the API key without having to release a new version.
The SDK supports two authentication methods:
- API Key
- Signed JWT (JSON Web Token)
We will elaborate on both methods below.
Option 1: API Key
With this option, you would provide the userId and companyName alongside API Key directly in the client. Like this:
const sdk = createSkyPathSDK({
... // general config
apiKey: "XXXX-XXXX-XXXX-XXXX", // Your SkyPath API key
userId: "user123", // The current user ID
companyName: "AirlineInc", // Your current company name
};
While simple and easy, this method is not secure, and therefore recommended for development purposes only. For production environments, we highly recommend using Signed JWT method.
Option 2: Signed JWT
While this method requires a bit more effort, it keeps your API Key on your backend, never exposed to the client, and therefore more secure and recommended for production environments.
To use this method you would need your Partner Id from SkyPath. Please contact SkyPath to get it.
With this option, you would:
- Create a server-side endpoint that accepts
userIdandcompanyName, and returns a JWT signed with your SkyPath API Key. - Provide the SDK with a callback that calls your server endpoint and returns this JWT to the SDK.
The following diagram illustrates the flow:
The SDK initialization with Signed JWT method would look like this:
const sdk = createSkyPathSDK({
... // general config
authCallback: async () => {
// ... code to call your server endpoint...
const jwt = await callYourBackendEndpoint({userId, companyName});
// Your partner ID as you received it from SkyPath
const partnerId = '<YOUR_SKYPATH_PARTNER_ID>';
// The SDK expect this values to be returned
return {
jwt,
partnerId,
};
},
};
Your server-side endpoint would look like this (using Express.js as an example):
// Handling API route for authentication
app.post("/skypath-sign-jwt", (req, res) => {
// ...validate the request
// Extract necessary information
const {
userId,
companyName,
// ... you may add more fields as needed ( e.g. password )
} = req.body;
// ... your code to validate the user id and company name...
const user = validate(userId, companyName);
// Return unauthorized if user is not found in your system
if (!user) { return res.status(401).json({ message: "Unauthorized" }); }
// Generate a signed JWT that is supported by SkyPath
const token = jwt.sign(
{ userId, companyName,}, // Payload of the JWT
SKYPATH_API_KEY, // Use your SkyPath API key to sign the JWT
{ expiresIn: JWT_EXPIRES_IN } // You may specify desired expiration time
);
// Signed JWT that is used in the client-side
res.json(jwt);
});