Skip to main content
Version: Next

Configuration

Overview

To use the SDK effectively, you need to provide configuration and authentication parameters. This guide outlines how to configure and authnticate the SDK according to your needs.

The SDK requires two key sets of parameters for setup: general configuration and authentication.

const sdk = createSkyPathSDK({
  ...generalConfig, // General parameters
  ...authConfig,    // Authentication parameters
});

General Parameters 🌐

  • apiBaseUrl (Optional): Specifying the SkyPath API base URL. If not provided, default is production URL https://api.skypath.io. For staging environment use https://staging-api.skypath.io. You may use different URL if you're using a proxy server.

Authentication Parameters 🔑

In order to use SkyPath platform, you are required to state the current userId (e.g. 'user123') and companyName (e.g. 'AirlineInc'). This is done by authenticating the user with the SkyPath SDK.

The SDK supports two authentication methods:

  1. API Key
  2. Signed JWT (JSON Web Token)

We will elaborate on both methods below.

Option 1: API Key

With this option, you would provide the userId and companyName alongside API Key directly in the client. Like this:

const sdk = createSkyPathSDK({
  ... // general config

  apiKey: "XXXX-XXXX-XXXX-XXXX", // Your SkyPath API key
  userId: "user123",             // The current user ID
  companyName: "AirlineInc",     // Your current company name
};
warning

While simple and easy, this method is not secure, and therefore recommended for development purposes only. For production environments, we highly recommend using Signed JWT method.

Option 2: Signed JWT

info

While this method requires a bit more effort, it keeps your API Key on your backend, never exposed to the client, and therefore more secure and recommended for production environments.

info

To use this method you would need your Partner Id from SkyPath. Please contact SkyPath to get it.

With this option, you would:

  1. Create a server-side endpoint that accepts userId and companyName, and returns a JWT signed with your SkyPath API Key.
  2. Provide the SDK with a callback that calls your server endpoint and returns this JWT to the SDK.

The following diagram illustrates the flow:

The SDK initialization with Signed JWT method would look like this:

const sdk = createSkyPathSDK({
  ... // general config

  authCallback: async () => {
    // ... code to call your server endpoint...
    const jwt = await callYourBackendEndpoint({userId, companyName});

    // Your partner ID as you received it from SkyPath
    const partnerId = '<YOUR_SKYPATH_PARTNER_ID>';

    // The SDK expect this values to be returned
    return {
      jwt,
      partnerId,
    };
  },
};

Your server-side endpoint would look like this (using Express.js as an example):

Server-side endpoint for generating signed JWT
// Handling API route for authentication
app.post("/skypath-sign-jwt", (req, res) => {

  // ...validate the request

  // Extract necessary information
  const {
    userId,
    companyName,
    // ... you may add more fields as needed ( e.g. password )
  } = req.body;

  // ... your code to validate the user id and company name...
  const user = validate(userId, companyName);

  // Return unauthorized if user is not found in your system
  if (!user) { return res.status(401).json({ message: "Unauthorized" }); }

  // Generate a signed JWT that is supported by SkyPath
  const token = jwt.sign(
    { userId, companyName,},      // Payload of the JWT
    SKYPATH_API_KEY,              // Use your SkyPath API key to sign the JWT
    { expiresIn: JWT_EXPIRES_IN } // You may specify desired expiration time
  );

  // Signed JWT that is used in the client-side
  res.json(jwt);
});