
Overview

The Strata API uses JWT tokens to authorize requests. Create an RSA key pair in the Strata dashboard; this gives you a private key that you use to generate signed JWT tokens. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

1. Create a signing key in the Strata dashboard

In the Strata dashboard, navigate to the Settings page by selecting Settings in the sidebar. Click Generate New Keypair to get a new signing key. Save the private key somewhere secure. You will not be able to see it again.

2. Generate signed user JWT tokens

Generate a JWT token. Use the following header:
  • alg: The algorithm used to sign the JWT. Strata only supports RS256.
  • typ: The type of token. Must be JWT.
{
  "alg": "RS256",
  "typ": "JWT"
}
Use the following JWT payload claims: sub, iat, exp, and project_id.
  • project_id: Your Strata project ID. This can be found on the Settings page.
  • sub: The JWT subject. This is your primary identifier for the user.
  • iat: The JWT issued at timestamp in seconds since the Unix epoch. Typically the current time.
  • exp: The JWT expiration timestamp in seconds since the Unix epoch (must be later than the iat claim).
{
  "project_id": "your_project_id",
  "sub": "user_or_company_id",
  "iat": 1749602274,
  "exp": 1749602290
}
You can optionally include an external_id claim. If provided, it is used as the user / company identifier and takes precedence over the sub claim.

Here is a sample Node.js implementation (TypeScript):
/**
 * Generate a JWT token for the Strata Sync API
 */
import jwt from "jsonwebtoken";
import dotenv from "dotenv";

dotenv.config();

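// iat is expressed in seconds since the Unix epoch
const currentTime = Math.floor(Date.now() / 1000);

const payload: jwt.JwtPayload = {
  project_id: "<project_id>",
  sub: "<user_id>",
  iat: currentTime,
};

// Read the private key from the environment (loaded from .env by dotenv)
const privateKey = process.env.PRIVATE_KEY;
if (!privateKey) {
  throw new Error("PRIVATE_KEY is not set");
}

// Sign with RS256; expiresIn sets the exp claim one hour after iat
const token = jwt.sign(payload, privateKey, {
  algorithm: "RS256",
  expiresIn: "1h",
});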

3. Use the signed JWT token to make an API request

curl -X GET "https://api.connectstrata.com/syncs/<sync_id>/events" \
  -H "Authorization: Bearer <jwt_token>" \
  -H "Content-Type: application/json"
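
The header and claim requirements from step 2, as an added example that is not part of the Strata documentation: it builds an RS256 token with Node's built-in crypto module and runs a local pre-flight check on it before the token is sent. The helper names signToken and checkToken are hypothetical, the key pair is generated in-process as a stand-in for the dashboard key, and the checks cover only what this page states, not how Strata validates tokens server-side.

```typescript
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "node:crypto";

type Claims = { project_id: string; sub: string; iat: number; exp: number; external_id?: string };

const b64url = (text: string): string => Buffer.from(text).toString("base64url");

// Build header.payload.signature by hand with the header and claims from step 2.
function signToken(claims: Claims, privateKey: KeyObject): string {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  // RS256 is RSASSA-PKCS1-v1_5 with SHA-256 over the signing input.
  const signature = createSign("RSA-SHA256").update(signingInput).sign(privateKey);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// Local pre-flight check; returns a list of problems (empty means none found).
function checkToken(token: string, publicKey: KeyObject): string[] {
  const parts = token.split(".");
  if (parts.length !== 3) return ["token must have three dot-separated parts"];
  const [h, p, s] = parts;
  let header: Record<string, unknown> = {};
  let claims: Record<string, unknown> = {};
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8")) ?? {};
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8")) ?? {};
  } catch {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems: string[] = [];
  if (header.alg !== "RS256") problems.push("alg must be RS256");
  if (header.typ !== "JWT") problems.push("typ must be JWT");
  for (const name of ["project_id", "sub"]) {
    if (typeof claims[name] !== "string" || claims[name] === "") problems.push(`${name} is missing`);
  }
  const { iat, exp } = claims;
  if (typeof iat !== "number" || typeof exp !== "number") problems.push("iat and exp must be numbers");
  else if (exp <= iat) problems.push("exp must be later than iat");
  const signed = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(publicKey, Buffer.from(s, "base64url"));
  if (!signed) problems.push("signature does not verify against this public key");
  return problems;
}

// Constructed sample data: an ephemeral key pair and placeholder IDs, not real Strata values.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const sample = signToken({ project_id: "your_project_id", sub: "user_or_company_id", iat: now, exp: now + 60 }, privateKey);
console.log(checkToken(sample, publicKey));
```

With a real key, load the saved PEM with createPrivateKey and derive the public half with createPublicKey (both from node:crypto) instead of generating a pair.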