This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
A JWT is a short lifetime token that can be assigned a specific expiration time. To create a JWT session, see JWT session resource.
Applications in our App Store can create a JSON Web Token (JWT) by fetching an user's instance.
Only for the Tokens resource.
You can create a Publishable API Key via our API Keys resource, by specifying the type as
Important: Never share your secret keys. Keep them guarded and secure.
Use your secret API key to make requests from the server side. When you sign up for a Rebilly account, you receive a secret API key. To authenticate in Rebilly API, provide your secret key in the request header.
Installation and usage instructions can be found here. SDK code examples are included in these docs.
For all PHP SDK examples provided in this spec you will need to configure
You may do it like this:
$client = new Rebilly\Client([ 'apiKey' => 'YourApiKeyHere', 'baseUrl' => 'https://api.rebilly.com', ]);
Rebilly provides collections filtering. You can use
?filter param on collection to define which records should be shown in the response.
Here is filter format description:
Fields and values in filter are separated with
Fields in filter are separated with
You can use multiple values using
, as values separator:
To negate the filter use
?filter=firstName:!John. Note that you can negate multiple values like this:
?filter=firstName:!John,Bob. This filter rule will exclude all Johns and Bobs from the response.
You can use range filters like this:
You can use gte (greater than or equals) filter like this:
?filter=amount:1.., or lte (less than or equals) than filter like this:
You can create some specified values lists and use them in filter:
?filter=firstName:@yourListName. You can also exclude list values: