G2C Platform API supports two authentication methods to provide flexibility for different use cases: API Key authentication for server-to-server operations and JWT Bearer authentication for wallet-based operations.

Authentication Methods Overview

API Key Authentication

For server-to-server communication and administrative operations:
X-API-Key: your_api_key_here

JWT Bearer Authentication

For wallet-based operations and user sessions:
Authorization: Bearer your_jwt_token_here

API Key Authentication

API Key authentication is used for administrative operations like creating wallets, minting tokens, and managing objects.

How It Works

  1. Obtain API Key: Get your API key from G2C Platform support
  2. Include in Headers: Add the key to the X-API-Key header in every request
  3. Access Resources: Use the key for all authenticated API calls

Getting Your API Key

To obtain your API key:
  1. Log In: Access the Dashboard
  2. Navigate to Administration: Go to Administration > API Keys
  3. Create a New Key: Click on “Create API Key” and configure the desired permissions
  4. Test Access: Verify your credentials with a health check

Example API Key Requests

# Test API access
curl -X GET "https://api.g2cplatform.com/v2/health" \
  -H "Content-Type: application/json"

# Create a wallet (requires API key)
curl -X POST "https://api.g2cplatform.com/v2/wallets" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "myuser123",
    "password": "SecurePassword123!",
    "email": "user@example.com"
  }'

# Mint tokens (requires API key)
curl -X POST "https://api.g2cplatform.com/v2/tokens/mint" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "fungible",
    "symbol": "MYCOIN",
    "amount": 1000,
    "receiverWalletId": "wallet_123e4567-e89b-12d3-a456-426614174000"
  }'

JWT Bearer Authentication

JWT Bearer authentication is used for wallet-based operations after a wallet has been authenticated.

How It Works

  1. Wallet Login: Authenticate a wallet with username and password
  2. Receive JWT Token: Get a JWT token with expiration time
  3. Use Bearer Token: Include the token in Authorization headers
  4. Refresh When Needed: Refresh tokens before they expire

Wallet Authentication Flow

Step 1: Login to Get JWT Token

curl -X POST "https://api.g2cplatform.com/v2/auth/wallet/login" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "myuser123@your-app-id",
    "password": "SecurePassword123!"
  }'
Response:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresAt": "2024-03-15T18:30:00Z",
  "wallet": {
    "id": "wallet_123e4567-e89b-12d3-a456-426614174000",
    "username": "myuser123",
    "email": "user@example.com",
    "status": "active"
  }
}

Step 2: Use JWT Token for Wallet Operations

# Use JWT token for wallet operations
curl -X POST "https://api.g2cplatform.com/v2/auth/wallet/logout" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

# Refresh token before expiration
curl -X POST "https://api.g2cplatform.com/v2/auth/wallet/refresh" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
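
The login, reuse, refresh and re-login decisions from the flow above, driven by the `expiresAt` field, as an added example (not G2C Platform code). The `post` transport, the five-minute margin and the shape of the refresh response are assumptions; the paths are the ones shown on this page.

```python
from datetime import datetime, timedelta, timezone

REFRESH_MARGIN = timedelta(minutes=5)  # assumed safety margin, not a platform value

def parse_expiry(value):
    """Parse the UTC `expiresAt` format shown in the login response."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class WalletSession:
    """Keeps a wallet JWT fresh. `post(path, headers, body)` is a hypothetical
    transport returning (status, json_dict), so the logic runs without a network."""

    def __init__(self, post, username, password):
        self._post = post
        self._creds = {"username": username, "password": password}
        self.token = self.expires_at = None

    def _store(self, body):
        self.token, self.expires_at = body["token"], parse_expiry(body["expiresAt"])

    def login(self):
        status, body = self._post("/v2/auth/wallet/login", {}, self._creds)
        if status != 200:
            raise PermissionError(body.get("code", "login failed"))
        self._store(body)

    def bearer(self, now):
        """Return the Authorization header, refreshing or logging in first if needed."""
        if self.token is None or now >= self.expires_at:
            self.login()  # nothing valid left to refresh
        elif self.expires_at - now <= REFRESH_MARGIN:
            auth = {"Authorization": f"Bearer {self.token}"}
            status, body = self._post("/v2/auth/wallet/refresh", auth, None)
            # Assumption: refresh returns the same token/expiresAt fields as login.
            if status == 200:
                self._store(body)
            else:
                self.login()
        return {"Authorization": f"Bearer {self.token}"}

def demo():
    """Constructed run against a fake API whose tokens all expire at 18:30 UTC."""
    calls = []
    def post(path, headers, body):
        calls.append(path)
        return 200, {"token": f"tok{len(calls)}", "expiresAt": "2024-03-15T18:30:00Z"}
    s = WalletSession(post, "myuser123@your-app-id", "SecurePassword123!")
    for hh, mm in [(17, 0), (18, 0), (18, 27), (18, 31)]:
        s.bearer(datetime(2024, 3, 15, hh, mm, tzinfo=timezone.utc))
    return calls  # login, (reuse), refresh, login
```

Passing `now` explicitly keeps the expiry logic testable; production code would pass `datetime.now(timezone.utc)`.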

Which Authentication Method to Use?

| Operation | Authentication Method | Use Case |
|---|---|---|
| Create Wallets | API Key | Administrative operations |
| Mint Tokens | API Key | Server-to-server token creation |
| Manage Categories/Objects | API Key | Content management |
| Wallet Login/Logout | None / JWT | User authentication |
| Token Transfers | API Key | Administrative transfers |
| File Uploads | API Key | Content management |

Security Best Practices

API Key Security

  • Store Securely: Keep API keys in environment variables
  • Never Expose: Don’t include keys in client-side code or public repositories
  • Rotate Regularly: Update keys periodically for security
  • Use HTTPS: Always use secure connections

JWT Token Security

  • Short Lifespan: Tokens expire to limit exposure
  • Secure Storage: Store tokens securely on the client side
  • Refresh Proactively: Refresh tokens before they expire
  • Logout Properly: Always invalidate tokens when logging out

Environment-Specific Keys

Use different API keys for different environments:
# Development
X-API-Key: dev_your_development_key

# Staging
X-API-Key: stg_your_staging_key

# Production
X-API-Key: prod_your_production_key
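
One way to apply the API key practices above on the server side, as an added example (not G2C Platform code): the key comes from the environment, a key from the wrong environment is rejected, plain HTTP is refused, and headers are masked before logging. The `G2C_API_KEY` variable name is hypothetical, and the `dev_`/`stg_`/`prod_` prefixes are assumed to match the sample keys shown above.

```python
import os
from urllib.parse import urlsplit

# Assumption: keys carry the dev_/stg_/prod_ prefixes used in the examples above.
ENV_PREFIXES = {"development": "dev_", "staging": "stg_", "production": "prod_"}

def load_api_key(environment, environ=os.environ):
    """Read the key from G2C_API_KEY (hypothetical variable name) and reject a
    key whose prefix belongs to another environment."""
    key = environ.get("G2C_API_KEY", "").strip()
    if not key:
        raise RuntimeError("G2C_API_KEY is not set")
    prefix = ENV_PREFIXES[environment]
    if not key.startswith(prefix):
        raise RuntimeError(f"API key lacks the {prefix!r} prefix required for {environment}")
    return key

def build_request(base_url, path, key):
    """Return (url, headers) for a server-side call; plain HTTP is refused so
    the key never crosses the network unencrypted."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send X-API-Key over a non-HTTPS URL")
    headers = {"X-API-Key": key, "Content-Type": "application/json"}
    return base_url.rstrip("/") + path, headers

def redact(headers):
    """Copy of the headers that is safe to log: credential values are masked."""
    masked = {}
    for name, value in headers.items():
        if name.lower() == "x-api-key":
            # Keep only a recognised environment prefix, never key material.
            prefix = next((p for p in ENV_PREFIXES.values() if value.startswith(p)), "")
            masked[name] = prefix + "[redacted]"
        elif name.lower() == "authorization":
            scheme, sep, _ = value.partition(" ")  # keep the scheme, drop the token
            masked[name] = (scheme + " " if sep else "") + "[redacted]"
        else:
            masked[name] = value
    return masked
```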

Error Handling

Common Authentication Errors

401 Unauthorized
{
  "error": "Unauthorized - invalid or missing API key",
  "code": "INVALID_API_KEY",
  "timestamp": "2024-03-15T10:30:00Z"
}
403 Forbidden
{
  "error": "Forbidden - insufficient permissions",
  "code": "INSUFFICIENT_PERMISSIONS",
  "timestamp": "2024-03-15T10:30:00Z"
}
Token Expired
{
  "error": "JWT token has expired",
  "code": "TOKEN_EXPIRED",
  "timestamp": "2024-03-15T10:30:00Z"
}

Testing Your Authentication

Quick Authentication Test

# Test API key authentication
curl -X GET "https://api.g2cplatform.com/v2/auth/health" \
  -H "X-API-Key: your-api-key"

# Test without authentication (should work)
curl -X GET "https://api.g2cplatform.com/v2/health"
