logo
Authentication

Generate encrypted JWT token

get
https://api.snaptrade.com/api/v1/snapTrade/encryptedJWT

This API is available to ClientIDs which have opted to use encrypted JWTs (JSON Web Tokens) instead of standard SnapTrade signature verification.

Execute an API Request

Query
userIdstringrequired

SnapTrade User ID

userSecretstringrequired

SnapTrade User Secret (generated when registering user)

Authorization
Request
Installation
$
npm install snaptrade-typescript-sdk
1
Loading...

Response fields

object

This response consists of 2 different components that must be decrypted to obtain the decrypted message

  • Decrypting the encryptedSharedKey

    The encrypted shared key is a shared key that was randomly generated by SnapTrade and encrypted using the users SSH public key provided when registering the user It is needed to decrypt the message in step 2.

    To decrypt the shared key, the user should have access to their SSH private key stored locally in their device

    An example Python code on how to decrypt the shared key is shown below

    def decrypt_rsa_message(self, encrypted_message):
        from Crypto.Cipher import PKCS1_OAEP
        from Crypto.PublicKey import RSA
        from base64 import b64decode
    
        f = open('private.pem', 'r')
        private_key = RSA.import_key(f.read())
        cipher = PKCS1_OAEP.new(private_key)
    
        return cipher.decrypt(b64decode(encrypted_message.encode())).decode()
    
  • Decrypting the encryptedMessageData

    The data meant to be returned by an endpoint can be obtained by decrypting the encrypted message

    An encrypted message is a message that is encrypted using AES - MODE OCB with the shared key obtained in step one

    An example code to decrypt the encrypted message is shown below

    def decrypt_aes_message(self, shared_key, encrypted_message):
        from Crypto.Cipher import AES
        from base64 import b64decode
    
        encrypted_msg = b64decode(encrypted_message["encryptedMessage"].encode())
        tag = b64decode(encrypted_message["tag"].encode())
        nonce = b64decode(encrypted_message["nonce"].encode())
        cipher = AES.new(shared_key.encode(), AES.MODE_OCB, nonce=nonce)
    
        return cipher.decrypt_and_verify(encrypted_msg, tag).decode()
    
encryptedSharedKeystring
encryptedMessageDataobject
1
{
2
"encryptedSharedKey": "5UEaY9QGzcNTr8y2jGDUI79jY1OdfK9x",
3
"encryptedMessageData": {
4
"encryptedMessage": "9Xy05vqZOfp0OpW5fLAaDw==",
5
"tag": "mWZPkpQh5ktbcz6N7cTRmQ==",
6
"nonce": "None"
7
}
8
}