REST API v2
The API v2 provides updates for some of the elDoc REST API endpoints and more strict JWT security requirements.
JWT header must contain the following attributes:
alg- Must be present, supported algorithms: HS256, HS384, HS512
JWT payload must contain the following claims:
sub- Must be present, system ID of the respective API account
iat- Must be present
nbf- Must be present, allowed time difference with the server time can not be more than 30 sec
exp- Must be present, allowed maximum validity period 5 min
aud- Must be present, to be provided in format "METHOD:URL" where:
- METHOD is method type of the request (in uppercase), e.g.: POST, GET, etc.
- URL is a path part without get-parameters of the request target url. For the request sent to the URL "https://eldoc.domain.com/api/v2/docForm/ABC123?fields=_id,_id_web" the value must be set to: "/api/v2/docForm/ABC123"
JWT has to be signed with the security token of the the respective API Account.
According to the JWT spec all dates are to be stated in UTC time zone in Unix epoch time format (the number of seconds that have elapsed since January 1, 1970).