Skip to main content

Access Token

For testing

In your Aurora sandbox, you can use credentials for any active account to load Client SDK.

const library = await import('https://aurora-sdk.s3.amazonaws.com/client-sdk-loader.next.js');
const sdk = await library.load({
  username: '<username>',
  password: '<password>',
});

For running live applications

You'll have to generate a short-lived Client SDK access token for every app user via the Aurora REST API. If you don't have the REST API key already, please contact your Aurora Account Executive or Customer Success Manager to create one for you. Note that to generate Client SDK tokens in production, your Aurora contact should include access to Platform API.

At the beginning of each Client SDK user session, generate a JSON web token (JWT) for your user.

  1. Look up the Aurora user account.

    # GET https://api-sandbox.aurorasolar.com/tenants/{tenant_id}/users

    {
      "users": [
        {
          "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "first_name": "Jessica",
          "last_name": "Smith",
          "email": "jessica.smith@aurorasolar.com",
          "account_status": "active"
        },
        {
          "id": "4bc45f64-5717-4562-b3fc-2c963f66afa6",
          "first_name": "Robert",
          "last_name": "Johnson",
          "email": "robert.johnson@aurorasolar.com",
          "account_status": "active"
        }
      ]
    }

  2. If an active user account exists, generate JWT.

    # POST https://api-sandbox.aurorasolar.com/tenants/{tenant_id}/users/{user_id}/generate_token

    {
      "token": {
        "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImJjYmY5YmIzLWEyNGQtNGJlNC1iMmVlLWZmYWFjMWI3YmVkMSIsImVtYWlsIjoiYW15c3lrK2FkbWluQGF1cm9yYXNvbGFyLmNvbSIsImV4cCI6MTYyOTkyNjQ4MiwianRpIjoiMmM3MzU4Y2YtNjBmNS00MDQ3LWEwOWEtMDBhZDRlNWFjYTlmIn0.WobeYr7jg6ORmn9LgR2JTYONMo_qj-Mppk29k9kU7oI"
      }
    }

  3. If the user doesn’t exist, create a new user account, then generate JWT. Note that you can generate JWT for a user at any of the following access levels: "Limited Team Member", "Team Member", "SDK User", and Advanced Roles. We recommend using "SDK User" level when possible. Users with "SDK User" access level lack permissions to login to the Aurora web application. Also, newly created "SDK User" accounts don't have to accept an emailed invitation in the Aurora web application to use Client SDK.

    # POST https://api-sandbox.aurorasolar.com/tenants/{tenant_id}/users/invite

    {
         "user": {
              "first_name": "Jessica",
              "last_name": "Smith",
              "email": "jessica.smith@aurorasolar.com",
              "phone": "(415) 360-9291",
              "user_level": "SDK User"
         }
    }
    # POST https://api-sandbox.aurorasolar.com/tenants/{tenant_id}/users/{user_id}/generate_token

    {
      "token": {
        "jwt":      "eyX5eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImJjYmY5YmIzLWEyNGQtNGJlNC1iMmVlLWZmYWFjMWI3YmVkMSIsImVtYWlsIjoiYW15c3lrK2FkbWluQGF1cm9yYXNvbGFyLmNvbSIsImV4cCI6MTYyOTkyNjQ4MiwianRpIjoiMmM3MzU4Y2YtNjBmNS00MDQ3LWEwOWEtMDBhZDRlNWFjYTlmIn0.WobeYr7jg6ORmn9LgR2JTYONMo_qj-Mppk29k9kU7oI"
      }
    }

Each "SDK User" can only have one Client SDK session at a time. Users of other access levels (e.g. "Team Member") can have one Client SDK session at a time in addition to a session in Aurora.

JWT tokens expire in 12 hours. The expiration timestamp, user email, Aurora user ID, and Aurora environment (e.g. production, sandbox) will be included in the JWT.

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "jessica.smith@aurorasolar.com",
  "exp": 1629926106,
  "jti": "c0480b0b-5959-4549-8125-b67de2ec3e70"
}