In this chapter, you will understand how to connect FsTK APIs with right authentication.

Table of Contents

  1. Prerequisite
  2. Authentication / Authorization
  3. Next step


  1. Please sign up an account on or

    Notice account data are NOT shared across both platform

    • is Tokeneden built on Kovan Testnet for agile software development, testing & demo.
    • is official Tokeneden built on Ethereum Mainnet.
  2. Please take a look at your asset balances of ETHFSTFIL and FST Service Gas.

    Please remember that assets on belongs to Kovan Testnet; assets on belongs to Mainnet

    • ETH is Ether, a small amount will be given to new accounts on
    • FST is Funder Smart Token, a fundamental Utility Token within FST Network and will be given to new accounts on
    • FIL is FundersToken Initialisation License as Token Issuance License, 1 FIL will be given to new accounts on
    • FST Service Gas is the FsTK module usage fee for Token Issuer, balance is shown at User Profile on the top right corner.
  3. Please prepare your API testing tools

Authentication / Authorization

  1. Retrieve Access Web Token (JWT)

    Please use accounts & passwords on or Notice that it is https, not http.

    Hereinafter we will use as endpoints.

    • Using cURL
    curl -X POST \ \
      -H 'Content-Type: application/json' \
      -H 'cache-control: no-cache' \
      -d '{ "identity": "",
            "password": "yourpassword" }'
    • Using JavaScript
    var request = require("request");
    var options = {
      method: "POST",
      url: "",
      headers: { "cache-control": "no-cache", "Content-Type": "application/json" },
      body: { identity: "", password: "yourpassword" },
      json: true
    request(options, function(error, response, body) {
      if (error) throw new Error(error);
    • Response
        "status": "success",
        "result": {
            "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImZzdGstZW5naW5lIn0.eyJ1aWQiOiLDpsKIc8KdXHUwMDEzw6JcdTAwMTHDqMKCwqBje0x0w6nCsCIsImlhdCI6MTU0ODY0OTM4NiwiZXhwIjoxNTQ4NzM1Nzg2LCJhdWQiOiJ1cm46ZnN0azplbmdpbmUiLCJpc3MiOiJ1cm46ZnN0azplbmdpbmUiLCJzdWIiOiJ1cm46ZnN0azplbmdpbmU6YWNjZXNzX3Rva2VuIn0.gEKFuVuz4LOtGg_dughy7i2uzgNeKb1iS0LjM8IfyHkLFpsczTo9Wd4QQwiUfltErsFxf3k1UtdyLWX2z9QQ8w"
  2. Store and use access_token from Response

    Format of access_token is JSON Web Token, please refer to

    access_token will expire after 24 hours.

    In the future, except API for sign-ins, please assign access_token in authorization within http request header.

    authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImZzdGstZW5naW5lIn0.eyJ1aWQiOiLDpsKIc8KdXHUwMDEzw6JcdTAwMTHDqMKCwqBje0x0w6nCsCIsImlhdCI6MTU0ODY0OTM4NiwiZXhwIjoxNTQ4NzM1Nzg2LCJhdWQiOiJ1cm46ZnN0azplbmdpbmUiLCJpc3MiOiJ1cm46ZnN0azplbmdpbmUiLCJzdWIiOiJ1cm46ZnN0azplbmdpbmU6YWNjZXNzX3Rva2VuIn0.gEKFuVuz4LOtGg_dughy7i2uzgNeKb1iS0LjM8IfyHkLFpsczTo9Wd4QQwiUfltErsFxf3k1UtdyLWX2z9QQ8w

    Notice the string, Bearer , must be added before access_token then authorization header will work.

Next step

Next step