Table of Contents

Authentication

To access UEAT's POS Integration API, partners must authenticate using a secure JWT token provided by UEAT during the onboarding process.

Authentication Method

UEAT uses an authentication token via a custom header. Each POS partner must have a unique authentication key (secret) that must be included in every request to the API.

UEAT will provide the key to be able to encrypt and decrypt the token.

This key is essential for all communications between the POS and UEAT. Including calls and responses.

Request Header Format

Each token must be encrypted using HS256 format.

Non-Prod Format

GET /v2/endpoint HTTP/1.1
authorization: Bearer token
  • authorization: This header must contain the token provided by UEAT.
  • The key is tied to your non-production environment.
  • UEAT sends the encrypted token and the POS needs the secret to decrypt it.

Prod Format

GET /v2/endpoint HTTP/1.1
authorization: Bearer token
  • authorization: This header must contain the token provided by UEAT.
  • The key is tied to your production environment.
  • UEAT sends the encrypted token and the POS needs the secret to decrypt it.

Audience

UEAT expects an audience in the token.

POS to UEAT

Expected decrypted token value:

{  
    "sub": "LocationID",  
    "jti": "UniqueID for each token",  
    "nbf": 1767225600,  //not before Timestamp
    "exp": 1798761600,  //expiration Timestamp  
    "iss": "POSName",    // the one sending the message.
    "aud": "io.ueat.pos.brokers.openapi"  
}

UEAT to POS

Expected decrypted token value:

{  
    "sub": "LocationID",  
    "jti": "UniqueID for each token",  
    "nbf": 1767225600,  //not before Timestamp
    "exp": 1798761600,  //expiration Timestamp  
    "iss": "io.ueat.pos.brokers.openapi",  // the one sending the message.
    "aud": "POSName"
}

Obtaining Your Key

During the Environment Setup phase of the integration process:

  • UEAT will provide a non-prod environment Key for development and testing.
  • Once integration is validated, a production Key will be issued.

Security Considerations

  • Keep your Key confidential and never expose it in public repositories or client-side code.
  • If your key is compromised, contact UEAT immediately to revoke and regenerate it.