Authentication

Overview

All REST calls to the 365FarmNet backend need to authenticate with a JSON Web Token (JWT) in the HTTP authentication header (Partner Token).

This token must be created and signed by your application. It must contain another token provided by the 365FarmNet portal (Connect Token).

The following overview shows the procedure:

AuthenticationOverview

A user opens your application inside an iframe (including Connect Token).
Your application has to validate, that the request is coming from 365FarmNet.
Most likely your application will access the 365FarmNet backend using our REST API with a Partner Token to authenticate the user.

To see examples, how to implement this workflow, take a look into our 'Code snippets' or 'Example apps'.

How to validate the request

When your web application is opened within the iframe a JSON web token is appended to your webapp URL as a query parameter jwt:

<iframe style="height:100%; width:100%; border:none;" src="https://partnerdomain.com/index.html?jwt=eyJ..."></iframe>

To validate that the request was made by 365FarmNet you should validate the JWT by

verifying the signature of the token with our public RSA key and
optionally verifying not before (nbf), expiration (exp) and partner ID (azp) of the Connect Token.

Signature

The Connect Token is signed with a RSA key and can be verified and parsed with a public key. There are two different public keys in use: one for production and one for development.

Public Key of the Production Server

Download public key for production

Public Key of the Development Server

Download public key for development

ATTENTION There are several servers at 365FarmNet using the development key. Only two environments use the production key: The production server at https://app.365farmnet.com and the non-public pre-production server at https://preprod.365farmnet.com. Please make sure to use the production key only for the requests from the production servers. All other requests should be validated with the development key. It is important that your application is accessible from different portal servers and with different Connect API servers.

How to access the API

Your application must create a JWT (Partner Token) in order to access the 365FarmNet backend. This token must contain the original Connect Token and be signed with the partner's secret.

Where to find my secrets (to create the Partner Token)

There are three secrets, you may use:

Developer: To take advantage of our playground inside our development area you must use the public partner ID and partner secret displayed in development area.
Integration: After your application was published to your test/integration environment, we will integrate it behind a fixed link (which will show your application inside an iframe) at 365FarmNet test environments (including devcon). You will get an individual ID and secret to access our API.
Prod/Preprod: We will give you a different secret to access our public production server (https://app.365farmnet.com) and our non-public pre-production server (https://preprod.365farmnet.com). Please use this secret at your production environment only.

Token Transfer upon each request

The Partner Token must be sent with every REST call to 365FarmNet backend as HTTP header. Use the header Authorization and prefix the value with the word Bearer followed by a space

Example (HTTP authorization header with the partner's JSON web token):

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInZlciI6IjAuMSIsInR5cGUiOiJwYXJ0bmVyIn0.eyJjb24iOiJleUoyWlhJaU9pSXdMaklpTENKMGVYQmxJam9pWTI5dWJtVmpkQ0lzSW1Gc1p5STZJbEpUTWpVMkluMC5leUp6ZFdJaU9pSmxOVFJsWmpWak1TMW1PR1F3TFRRMFkyUXRZams0WXkwNVpURmpOakU1TlRCaE56TWlMQ0p3Y21raU9pSXdNR05oTURNM09DMHhZalJpTFRRek9Ea3RPV0ZqTXkweU1qZzROemRqTXpGbU1qTWlMQ0pwYzNNaU9pSm9kSFJ3Y3pvdkwyUmxkbU52Ymk0ek5qVm1ZWEp0Ym1WMExtTnZiUzh6TmpWR1lYSnRUbVYwSWl3aVptNHRaWGgwSWpwN0ltWjFibU4wYVc5dVlXeHBkSGxNWlhabGJDSTZJbVoxYkd3aUxDSmpiM1VpT2lKa1pTSXNJbXhoYmlJNkltVnVJaXdpWVhCcFFtRnpaU0k2SW1oMGRIQnpPaTh2WkdWMlkyOXVMV052Ym01bFkzUXVNelkxWm1GeWJXNWxkQzVqYjIwaWZTd2lZWFZrSWpwYkltaDBkSEJ6T2k4dlpHVjJZMjl1TGpNMk5XWmhjbTF1WlhRdVkyOXRMek0yTlVaaGNtMU9aWFFpTENJMU56STJZekpqWmkweE5ETmlMVFE0TXpRdFlXRTFOQzB5TkdFeFl6RTFNVFpoTkRnaVhTd2libUptSWpveE5UY3dNREUzTVRBMkxDSjFjM0lpT2lKaU5qQmpNR0V3TmkwNE1qSmpMVFEzWmpjdE9XUTJPQzFtWlRNMk9XWmtPR1pqTVRBaUxDSmhlbkFpT2lJMU56STJZekpqWmkweE5ETmlMVFE0TXpRdFlXRTFOQzB5TkdFeFl6RTFNVFpoTkRnaUxDSjBaVzRpT2lJMlpHWmtOalZqWWkxak9ESm1MVFJqT1RBdE9USXlaQzAyTURFd05EZzFZMlJsWlRjaUxDSndaWElpT2lKRGIyMXdZVzU1T2tOU1JVRlVSU3hEYjIxd1lXNTVPa1JGVEVWVVJTeERiMjF3WVc1NU9sVlFSRUZVUlN4RGIyMXdZVzU1T2taSlRrRk9RMGxCVEY5QlRrRk1XVk5KVXl4RGIyMXdZVzU1T2xCU1JVeEpUVWxPUVZKWlgwSlBUMHRKVGtjc1EyOXRjR0Z1ZVRwUVRFRk9Ua2xPUnl4RGIyMXdZVzU1T2xKRlFVUXNRMjl0Y0dGdWVUcEdWVTVEVkVsUFRrRk1YMEZPUVV4WlUwbFRMRkJoYzNOM2IzSmtPbFZRUkVGVVJTeERiMjF3WVc1NU9rSlBUMHRKVGtjaUxDSmxlSEFpT2pFMU56QXdOVE14TURZc0ltbGhkQ0k2TVRVM01EQXhOekV3Tml3aWFuUnBJam94TlRjd01ERTNNVEEyTkRRMWZRLmp4ek9CaDhZUnJiNlpZSlhrb3V3QVZqWi01TTZpSHBuSGlvX05zRlB2c3dUMXR4cW9RcUExNExycXFSYjcyMHZKUVBiTVVxR185aUU1Y0xVUEV0blRxVk50U2tQenhfVFBVdjVhVkRpLXpaazdQa2dycXlCLTA0c2NObFJjNzdWZmJMQ2RmbFczTDhXQUZ0SERrdjdLeEFmWWlEZjF5cHJvVmxiZ2FmS1phel9raDl5RjNTR3V3RlkySGlKTGhrUlY2YmRzUWdmb2NaamVvWjRkNWY0NUpEeU9QaGZTcmR1dzFYdGxIWTJYQUJHeE1WbHp1LVNEOUU0Y2RNUVVtMG5pV0RFYU94M0VtLVkzUW9MTUxmbF95bHBidmMxNG1zd1B5TjY3aVVUMnZlMk5wbnQ3UkgtNUwwcjhBQzRsbGx5WUtaSFR1TmVsc3BZZEgyaHhFZzk4d1J3Sm96RkUySFQweWVZMGFOcXVDakxNMWo4VjNEd1ZIc0JiSk4wNHBtRjBVN2VjclNPZElnWGdMMzE0WUJjTXRTeTdsQ2FSUHVCcnlTenN4T01ZWGJBYlJVR0VWQjloOUkwdzNfNF9LZWp2M2QyYmppbTFwb1pOdmFyWEszNm9vUUJfTmxlenkxcWFMUFQxUXpBRmViOHdxZHQtNkxNdnFMeGNKcWJXTDU2VjZkWE1mVV9ubm9NRmlVVVZDZklQV3RjVTEyekc5Mm0taGVLMnRVVHhyVWhCVzlvdHJjd1JNU2JIR19DRmw5TG43WEJEdmF5Uk53WUk3QmJtQ3BHNEJxTWJOdERwTTR3THRrWU1UVDFuNTJXTXhCYThiZzFqY0lEWVlFYTJlNzJyTTNoWV9yNjE0b2JuYXBQMXMwMzRUd0c0VWE4c2RQOWhVTWlpU3ItSE80IiwiaXNzIjoiNTcyNmMyY2YtMTQzYi00ODM0LWFhNTQtMjRhMWMxNTE2YTQ4IiwiaWF0IjoxNTcwMDE4Mjk3LCJleHAiOjE1NzAxMDQ2OTd9.mXuKtmFDgxZVoM50n7PyVzlFUOtB4sn-H0pnl4X4sKQ

How to sign

To see examples how to sign, take a look into our 'Code snippets' or 'Example apps'.

Connect Token in detail

Some contents of the 365FarmNet Connect Token can be used to identify the portal user or to find out the 365FarmNet Connect API URL.

IMPORTANT NOTE: Due to appending a dynamic JWT, the URL length will be variable and may exceed your web server's allowed URL length. Please check your web server's settings and make sure to allow longer URLs (~4k).

Example Connect Token

eyJ2ZXIiOiIwLjIiLCJ0eXBlIjoiY29ubmVjdCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJlNTRlZjVjMS1mOGQwLTQ0Y2QtYjk4Yy05ZTFjNjE5NTBhNzMiLCJwcmkiOiIwMGNhMDM3OC0xYjRiLTQzODktOWFjMy0yMjg4NzdjMzFmMjMiLCJpc3MiOiJodHRwczovL2RldmNvbi4zNjVmYXJtbmV0LmNvbS8zNjVGYXJtTmV0IiwiZm4tZXh0Ijp7ImZ1bmN0aW9uYWxpdHlMZXZlbCI6ImZ1bGwiLCJjb3UiOiJkZSIsImxhbiI6ImVuIiwiYXBpQmFzZSI6Imh0dHBzOi8vZGV2Y29uLWNvbm5lY3QuMzY1ZmFybW5ldC5jb20ifSwiYXVkIjpbImh0dHBzOi8vZGV2Y29uLjM2NWZhcm1uZXQuY29tLzM2NUZhcm1OZXQiLCI1NzI2YzJjZi0xNDNiLTQ4MzQtYWE1NC0yNGExYzE1MTZhNDgiXSwibmJmIjoxNTcwMDE3MTA2LCJ1c3IiOiJiNjBjMGEwNi04MjJjLTQ3ZjctOWQ2OC1mZTM2OWZkOGZjMTAiLCJhenAiOiI1NzI2YzJjZi0xNDNiLTQ4MzQtYWE1NC0yNGExYzE1MTZhNDgiLCJ0ZW4iOiI2ZGZkNjVjYi1jODJmLTRjOTAtOTIyZC02MDEwNDg1Y2RlZTciLCJwZXIiOiJDb21wYW55OkNSRUFURSxDb21wYW55OkRFTEVURSxDb21wYW55OlVQREFURSxDb21wYW55OkZJTkFOQ0lBTF9BTkFMWVNJUyxDb21wYW55OlBSRUxJTUlOQVJZX0JPT0tJTkcsQ29tcGFueTpQTEFOTklORyxDb21wYW55OlJFQUQsQ29tcGFueTpGVU5DVElPTkFMX0FOQUxZU0lTLFBhc3N3b3JkOlVQREFURSxDb21wYW55OkJPT0tJTkciLCJleHAiOjE1NzAwNTMxMDYsImlhdCI6MTU3MDAxNzEwNiwianRpIjoxNTcwMDE3MTA2NDQ1fQ.jxzOBh8YRrb6ZYJXkouwAVjZ-5M6iHpnHio_NsFPvswT1txqoQqA14LrqqRb720vJQPbMUqG_9iE5cLUPEtnTqVNtSkPzx_TPUv5aVDi-zZk7PkgrqyB-04scNlRc77VfbLCdflW3L8WAFtHDkv7KxAfYiDf1yproVlbgafKZaz_kh9yF3SGuwFY2HiJLhkRV6bdsQgfocZjeoZ4d5f45JDyOPhfSrduw1XtlHY2XABGxMVlzu-SD9E4cdMQUm0niWDEaOx3Em-Y3QoLMLfl_ylpbvc14mswPyN67iUT2ve2Npnt7RH-5L0r8AC4lllyYKZHTuNelspYdH2hxEg98wRwJozFE2HT0yeY0aNquCjLM1j8V3DwVHsBbJN04pmF0U7ecrSOdIgXgL314YBcMtSy7lCaRPuBrySzsxOMYXbAbRUGEVB9h9I0w3_4_Kejv3d2bjim1poZNvarXK36ooQB_Nlezy1qaLPT1QzAFeb8wqdt-6LMvqLxcJqbWL56V6dXMfU_nnoMFiUUVCfIPWtcU12zG92m-heK2tUTxrUhBW9otrcwRMSbHG_CFl9Ln7XBDvayRNwYI7BbmCpG4BqMbNtDpM4wLtkYMTT1n52WMxBa8bg1jcIDYYEa2e72rM3hY_r614obnapP1s034TwG4Ua8sdP9hUMiiSr-HO4

Decoded Connect Token

[
  {
    "ver": "0.2",
    "type": "connect",
    "alg": "RS256"
  }
  {
    "sub": "e54ef5c1-f8d0-44cd-b98c-9e1c61950a73",
    "pri": "00ca0378-1b4b-4389-9ac3-228877c31f23",
    "iss": "https://devcon.365farmnet.com/365FarmNet",
    "fn-ext": {
      "functionalityLevel": "full",
      "cou": "de",
      "lan": "en",
      "apiBase": "https://devcon-connect.365farmnet.com"
    },
    "aud": [
      "https://devcon.365farmnet.com/365FarmNet",
      "5726c2cf-143b-4834-aa54-24a1c1516a48"
    ],
    "nbf": 1570017106,
    "usr": "b60c0a06-822c-47f7-9d68-fe369fd8fc10",
    "azp": "5726c2cf-143b-4834-aa54-24a1c1516a48",
    "ten": "6dfd65cb-c82f-4c90-922d-6010485cdee7",
    "per": "Company:CREATE,Company:DELETE,Company:UPDATE,Company:FINANCIAL_ANALYSIS,Company:PRELIMINARY_BOOKING,Company:PLANNING,Company:READ,Company:FUNCTIONAL_ANALYSIS,Password:UPDATE,Company:BOOKING",
    "exp": 1570053106,
    "iat": 1570017106,
    "jti": 1570017106445
  },
  [signature]
]

The following sections explain the content of the Connect Token:

Key	Name	Example	Description
ver	Version	"0.2"	The version of the token with two parts: `<major>.<minor>`. In a new version new fields can be added. Respect semantic versioning: - Minor change: Only added fields - Major change: Remove/change fields
type	Type	"connect"	The type of token. For the token generated by 365FarmNet the value is `connect`.
alg	Algorithm	"RS256"	The used encryption algorithm.

Payload

Key	Name	Example	Description
nbf	Not before	1570017106	The date - encoded as UNIX time, meaning time in seconds from 1970-01-01 - after which the token is valid.
exp	Expiration time	1570053106	The date - encoded as UNIX time, meaning time in seconds from 1970-01-01 - until the token is valid. The current duration of token validity is four hours (4h).
iat	Issued at	1570017106	Creation date of the token encoded as UNIX time, meaning time in seconds from 1970-01-01.
iss	Issuer	"https://devcon.365farmnet.com/365FarmNet"	Defines the issuer of the token. Matches the URL of the 365FarmNet portal. This attribute might be validated by the partner.
aud	Audience	["https://devcon.365farmnet.com/365FarmNet", "5726c2cf-143b-4834-aa54-24a1c1516a48"]	Array with two elements: - [0] the 365FarmNet portal URL (equal to the JWT attribute `iss`) -[1] the partner ID (equal to the JWT attribute `azp`) This attribute might be validated by the partner.
jti	Token identifier	1570017106445
sub	Security subject	"e54ef5c1-f8d0-44cd-b98c-9e1c61950a73"	For internal use only: security subject login ID. This ID will be used as security context on connect API calls. To uniquely identify a 365FarmNet portal user, use field `usr`.
pri	TBD	"00ca0378-1b4b-4389-9ac3-228877c31f23"	TBD
usr	User ID	"b60c0a06-822c-47f7-9d68-fe369fd8fc10"	Unique internal ID of the currently registered 365FarmNet portal user.
per	Permissions	"Company:CREATE,Company:DELETE,..."	Hint about the granted permissions for this token. The permissions are separated by ',' and contain the entity followed by ':' and the granted right (like CREATE, DELETE, UPDATE, etc.).
ten	Tenant ID	"6dfd65cb-c82f-4c90-922d-6010485cdee7"	Unique for each tenant (a.k.a. company ID), reflects the ID of the currently logged in portal company.
azp	Authorized partner	"5726c2cf-143b-4834-aa54-24a1c1516a48"	ID identifying the partner.
fn-ext	Object containing following sub-claims:	{...}	365FarmNet specific values. See next rows for attribute explanations.
fn-ext.functionalityLevel	Shop module purchase state	"full", "test"	Indicator to show if the current module was purchased or is in trial phase.
fn-ext.cou	Country code	"de"	Country code 2-letter code for the country the company/tenant is registered in. (ISO3166)
fn-ext.lan	Language code	"de"	2-letter language code of the current logged-in user on token creation.
fn-ext.apiBase	Connect API URL	"https://devcon-connect.365farmnet.com"	The base URL of the Connect API. Partners should use this URL including port and protocol to build the full REST endpoint URLs in a safe way.

Partner Token in detail

Example Partner Token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInZlciI6IjAuMSIsInR5cGUiOiJwYXJ0bmVyIn0.eyJjb24iOiJleUoyWlhJaU9pSXdMaklpTENKMGVYQmxJam9pWTI5dWJtVmpkQ0lzSW1Gc1p5STZJbEpUTWpVMkluMC5leUp6ZFdJaU9pSmxOVFJsWmpWak1TMW1PR1F3TFRRMFkyUXRZams0WXkwNVpURmpOakU1TlRCaE56TWlMQ0p3Y21raU9pSXdNR05oTURNM09DMHhZalJpTFRRek9Ea3RPV0ZqTXkweU1qZzROemRqTXpGbU1qTWlMQ0pwYzNNaU9pSm9kSFJ3Y3pvdkwyUmxkbU52Ymk0ek5qVm1ZWEp0Ym1WMExtTnZiUzh6TmpWR1lYSnRUbVYwSWl3aVptNHRaWGgwSWpwN0ltWjFibU4wYVc5dVlXeHBkSGxNWlhabGJDSTZJbVoxYkd3aUxDSmpiM1VpT2lKa1pTSXNJbXhoYmlJNkltVnVJaXdpWVhCcFFtRnpaU0k2SW1oMGRIQnpPaTh2WkdWMlkyOXVMV052Ym01bFkzUXVNelkxWm1GeWJXNWxkQzVqYjIwaWZTd2lZWFZrSWpwYkltaDBkSEJ6T2k4dlpHVjJZMjl1TGpNMk5XWmhjbTF1WlhRdVkyOXRMek0yTlVaaGNtMU9aWFFpTENJMU56STJZekpqWmkweE5ETmlMVFE0TXpRdFlXRTFOQzB5TkdFeFl6RTFNVFpoTkRnaVhTd2libUptSWpveE5UY3dNREUzTVRBMkxDSjFjM0lpT2lKaU5qQmpNR0V3TmkwNE1qSmpMVFEzWmpjdE9XUTJPQzFtWlRNMk9XWmtPR1pqTVRBaUxDSmhlbkFpT2lJMU56STJZekpqWmkweE5ETmlMVFE0TXpRdFlXRTFOQzB5TkdFeFl6RTFNVFpoTkRnaUxDSjBaVzRpT2lJMlpHWmtOalZqWWkxak9ESm1MVFJqT1RBdE9USXlaQzAyTURFd05EZzFZMlJsWlRjaUxDSndaWElpT2lKRGIyMXdZVzU1T2tOU1JVRlVSU3hEYjIxd1lXNTVPa1JGVEVWVVJTeERiMjF3WVc1NU9sVlFSRUZVUlN4RGIyMXdZVzU1T2taSlRrRk9RMGxCVEY5QlRrRk1XVk5KVXl4RGIyMXdZVzU1T2xCU1JVeEpUVWxPUVZKWlgwSlBUMHRKVGtjc1EyOXRjR0Z1ZVRwUVRFRk9Ua2xPUnl4RGIyMXdZVzU1T2xKRlFVUXNRMjl0Y0dGdWVUcEdWVTVEVkVsUFRrRk1YMEZPUVV4WlUwbFRMRkJoYzNOM2IzSmtPbFZRUkVGVVJTeERiMjF3WVc1NU9rSlBUMHRKVGtjaUxDSmxlSEFpT2pFMU56QXdOVE14TURZc0ltbGhkQ0k2TVRVM01EQXhOekV3Tml3aWFuUnBJam94TlRjd01ERTNNVEEyTkRRMWZRLmp4ek9CaDhZUnJiNlpZSlhrb3V3QVZqWi01TTZpSHBuSGlvX05zRlB2c3dUMXR4cW9RcUExNExycXFSYjcyMHZKUVBiTVVxR185aUU1Y0xVUEV0blRxVk50U2tQenhfVFBVdjVhVkRpLXpaazdQa2dycXlCLTA0c2NObFJjNzdWZmJMQ2RmbFczTDhXQUZ0SERrdjdLeEFmWWlEZjF5cHJvVmxiZ2FmS1phel9raDl5RjNTR3V3RlkySGlKTGhrUlY2YmRzUWdmb2NaamVvWjRkNWY0NUpEeU9QaGZTcmR1dzFYdGxIWTJYQUJHeE1WbHp1LVNEOUU0Y2RNUVVtMG5pV0RFYU94M0VtLVkzUW9MTUxmbF95bHBidmMxNG1zd1B5TjY3aVVUMnZlMk5wbnQ3UkgtNUwwcjhBQzRsbGx5WUtaSFR1TmVsc3BZZEgyaHhFZzk4d1J3Sm96RkUySFQweWVZMGFOcXVDakxNMWo4VjNEd1ZIc0JiSk4wNHBtRjBVN2VjclNPZElnWGdMMzE0WUJjTXRTeTdsQ2FSUHVCcnlTenN4T01ZWGJBYlJVR0VWQjloOUkwdzNfNF9LZWp2M2QyYmppbTFwb1pOdmFyWEszNm9vUUJfTmxlenkxcWFMUFQxUXpBRmViOHdxZHQtNkxNdnFMeGNKcWJXTDU2VjZkWE1mVV9ubm9NRmlVVVZDZklQV3RjVTEyekc5Mm0taGVLMnRVVHhyVWhCVzlvdHJjd1JNU2JIR19DRmw5TG43WEJEdmF5Uk53WUk3QmJtQ3BHNEJxTWJOdERwTTR3THRrWU1UVDFuNTJXTXhCYThiZzFqY0lEWVlFYTJlNzJyTTNoWV9yNjE0b2JuYXBQMXMwMzRUd0c0VWE4c2RQOWhVTWlpU3ItSE80IiwiaXNzIjoiNTcyNmMyY2YtMTQzYi00ODM0LWFhNTQtMjRhMWMxNTE2YTQ4IiwiaWF0IjoxNTcwMDE4Mjk3LCJleHAiOjE1NzAxMDQ2OTd9.mXuKtmFDgxZVoM50n7PyVzlFUOtB4sn-H0pnl4X4sKQ

Decoded Partner Token

[
  {
    "ver": "0.1",
    "type": "partner",
    "alg": "HS256"
  },
  {
    "con": "eyJ2ZXIiOiIwLjIiLCJ0eXBlIjoiY29ubmVjdCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJlNTRlZjVjMS1mOGQwLTQ0Y2QtYjk4Yy05ZTFjNjE5NTBhNzMiLCJwcmkiOiIwMGNhMDM3OC0xYjRiLTQzODktOWFjMy0yMjg4NzdjMzFmMjMiLCJpc3MiOiJodHRwczovL2RldmNvbi4zNjVmYXJtbmV0LmNvbS8zNjVGYXJtTmV0IiwiZm4tZXh0Ijp7ImZ1bmN0aW9uYWxpdHlMZXZlbCI6ImZ1bGwiLCJjb3UiOiJkZSIsImxhbiI6ImVuIiwiYXBpQmFzZSI6Imh0dHBzOi8vZGV2Y29uLWNvbm5lY3QuMzY1ZmFybW5ldC5jb20ifSwiYXVkIjpbImh0dHBzOi8vZGV2Y29uLjM2NWZhcm1uZXQuY29tLzM2NUZhcm1OZXQiLCI1NzI2YzJjZi0xNDNiLTQ4MzQtYWE1NC0yNGExYzE1MTZhNDgiXSwibmJmIjoxNTcwMDE3MTA2LCJ1c3IiOiJiNjBjMGEwNi04MjJjLTQ3ZjctOWQ2OC1mZTM2OWZkOGZjMTAiLCJhenAiOiI1NzI2YzJjZi0xNDNiLTQ4MzQtYWE1NC0yNGExYzE1MTZhNDgiLCJ0ZW4iOiI2ZGZkNjVjYi1jODJmLTRjOTAtOTIyZC02MDEwNDg1Y2RlZTciLCJwZXIiOiJDb21wYW55OkNSRUFURSxDb21wYW55OkRFTEVURSxDb21wYW55OlVQREFURSxDb21wYW55OkZJTkFOQ0lBTF9BTkFMWVNJUyxDb21wYW55OlBSRUxJTUlOQVJZX0JPT0tJTkcsQ29tcGFueTpQTEFOTklORyxDb21wYW55OlJFQUQsQ29tcGFueTpGVU5DVElPTkFMX0FOQUxZU0lTLFBhc3N3b3JkOlVQREFURSxDb21wYW55OkJPT0tJTkciLCJleHAiOjE1NzAwNTMxMDYsImlhdCI6MTU3MDAxNzEwNiwianRpIjoxNTcwMDE3MTA2NDQ1fQ.jxzOBh8YRrb6ZYJXkouwAVjZ-5M6iHpnHio_NsFPvswT1txqoQqA14LrqqRb720vJQPbMUqG_9iE5cLUPEtnTqVNtSkPzx_TPUv5aVDi-zZk7PkgrqyB-04scNlRc77VfbLCdflW3L8WAFtHDkv7KxAfYiDf1yproVlbgafKZaz_kh9yF3SGuwFY2HiJLhkRV6bdsQgfocZjeoZ4d5f45JDyOPhfSrduw1XtlHY2XABGxMVlzu-SD9E4cdMQUm0niWDEaOx3Em-Y3QoLMLfl_ylpbvc14mswPyN67iUT2ve2Npnt7RH-5L0r8AC4lllyYKZHTuNelspYdH2hxEg98wRwJozFE2HT0yeY0aNquCjLM1j8V3DwVHsBbJN04pmF0U7ecrSOdIgXgL314YBcMtSy7lCaRPuBrySzsxOMYXbAbRUGEVB9h9I0w3_4_Kejv3d2bjim1poZNvarXK36ooQB_Nlezy1qaLPT1QzAFeb8wqdt-6LMvqLxcJqbWL56V6dXMfU_nnoMFiUUVCfIPWtcU12zG92m-heK2tUTxrUhBW9otrcwRMSbHG_CFl9Ln7XBDvayRNwYI7BbmCpG4BqMbNtDpM4wLtkYMTT1n52WMxBa8bg1jcIDYYEa2e72rM3hY_r614obnapP1s034TwG4Ua8sdP9hUMiiSr-HO4",
    "iss": "5726c2cf-143b-4834-aa54-24a1c1516a48",
    "exp": 1570104697,
    "iat": 1570018297
  },
  [signature]
]

Header (Partner)

Key	Name	Example	Description
ver	Version	"0.1"	The version of the token with two parts: `<major>.<minor>` In a new version new fields can be added. Respect semantic versioning: - Minor change: Only added fields - Major change: Remove/change fields For major change it must be kept track of which partner can handle which version.
type	Type	"partner"	The type of token. The Partner Token must use the value `partner`.
alg	Algorithm	"HS256"	The algorithm may be chosen by the partner.

Payload (Partner)

Key	Name	Example	Description
exp	Expiration time	1570104697	The date until the token is valid. The current duration of token validity is four hours.
iat	Issued at	1570018297	The UNIX time the token was issued.
iss	Issuer	"5726c2cf-143b-4834-aa54-24a1c1516a48"	The partner ID. This is needed to identify the partner and to verify the token signature.
con	Connect Token	"eyJ2Z..."	The original 365FarmNet Connect Token received by the partner.