JWT Tokens

How to obtain and use JWT tokens for RackCorp API authentication

Overview

RackCorp API supports multiple authentication methods. You can authenticate using:

  • JWT Token: Obtained via login credentials or API key, then used in the Authorization: Bearer header
  • API Key Direct: Pass API UUID and secret directly in each request (JSON body or Basic auth header)
  • Session ID: Use a session ID from a previous login
  • JWT Cookie: Use JWT token stored in JWTSESSIONID cookie

Note: While JWT tokens are recommended for most use cases, you can use API UUID and secret directly without obtaining a JWT first.

Method 1: Using Login Credentials

Authenticate with your RackCorp portal username and password and ask the API to return a JWT.

Request (JSON)

{
  "cmd": "session.login",
  "username": "your_username",
  "password": "your_password",
  "jwt": 1,
  "2fatoken": "optional_2fa_code"
}

cURL

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "session.login",
    "username": "your_username",
    "password": "your_password",
    "jwt": 1
  }'

Python

import requests

response = requests.post(
    "https://api.rackcorp.net/api/rest/v2.9/json.php",
    json={
        "cmd": "session.login",
        "username": "your_username",
        "password": "your_password",
        "jwt": 1
    }
)

data = response.json()

if data["code"] == "OK":
    token = data.get("token") or response.cookies.get("JWTSESSIONID")
    print("JWT:", token)
else:
    print("Login failed:", data["message"])

PHP

<?php
$ch = curl_init('https://api.rackcorp.net/api/rest/v2.9/json.php');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
    'cmd' => 'session.login',
    'username' => 'your_username',
    'password' => 'your_password',
    'jwt' => 1
]));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);

$response = curl_exec($ch);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$headers = substr($response, 0, $headerSize);
$body = substr($response, $headerSize);
$data = json_decode($body, true);

if ($data['code'] === 'OK') {
    $token = $data['token'] ?? null;
    if (!$token && preg_match('/JWTSESSIONID=([^;]+)/', $headers, $m)) {
        $token = $m[1];
    }
    echo "JWT: " . $token . PHP_EOL;
} else {
    echo "Login failed: " . $data['message'] . PHP_EOL;
}

curl_close($ch);
?>

Method 2: Using API Key to Get JWT

For automation, authenticate using an API key and call /customer/jsonwebtoken to obtain a JWT token. This endpoint supports both GET and POST methods.

Using Authorization Header (Recommended)

Authorization: Basic base64(APIUUID:APISECRET)

cURL (GET)

curl -X GET "https://api.rackcorp.net/api/rest/v2.9/customer/jsonwebtoken" \
  -H "Authorization: Basic $(echo -n 'your_api_uuid:your_api_secret' | base64)"

cURL (POST)

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/customer/jsonwebtoken" \
  -H "Authorization: Basic $(echo -n 'your_api_uuid:your_api_secret' | base64)"

Python

import base64
import requests

api_uuid = "your_api_uuid"
api_secret = "your_api_secret"
creds = base64.b64encode(f"{api_uuid}:{api_secret}".encode()).decode()

# Both GET and POST are supported
response = requests.get(
    "https://api.rackcorp.net/api/rest/v2.9/customer/jsonwebtoken",
    headers={"Authorization": f"Basic {creds}"}
)

# Or use POST:
# response = requests.post(
#     "https://api.rackcorp.net/api/rest/v2.9/customer/jsonwebtoken",
#     headers={"Authorization": f"Basic {creds}"}
# )

data = response.json()
if data["code"] == "OK":
    print("JWT:", data["token"])
else:
    print("Error:", data["message"])

Method 3: Direct API Key Authentication

You can authenticate directly using your API UUID and secret in each request without obtaining a JWT token first. This is useful for simple scripts or when you prefer not to manage JWT tokens.

Option A: Using Authorization Header (Recommended)

Pass credentials via Basic authentication in the Authorization header:

Authorization: Basic base64(APIUUID:APISECRET)

cURL Example

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic $(echo -n 'your_api_uuid:your_api_secret' | base64)" \
  -d '{
    "cmd": "loadbalancer.getall"
  }'

Python Example

import base64
import requests

api_uuid = "your_api_uuid"
api_secret = "your_api_secret"
creds = base64.b64encode(f"{api_uuid}:{api_secret}".encode()).decode()

response = requests.post(
    "https://api.rackcorp.net/api/rest/v2.9/json.php",
    headers={
        "Content-Type": "application/json",
        "Authorization": f"Basic {creds}"
    },
    json={"cmd": "loadbalancer.getall"}
)

data = response.json()
print(data)

Option B: Using JSON Body

Include APIUUID and APISECRET directly in the request JSON body:

cURL Example

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "loadbalancer.getall",
    "APIUUID": "your_api_uuid",
    "APISECRET": "your_api_secret"
  }'

Python Example

import requests

response = requests.post(
    "https://api.rackcorp.net/api/rest/v2.9/json.php",
    headers={"Content-Type": "application/json"},
    json={
        "cmd": "loadbalancer.getall",
        "APIUUID": "your_api_uuid",
        "APISECRET": "your_api_secret"
    }
)

data = response.json()
print(data)

Security Note: When using the Authorization header method, credentials are not exposed in request logs or URL parameters, making it more secure than including them in the JSON body.

Method 4: Using Session ID

If you have a session ID from a previous login, you can use it directly in requests.

Using JSON Body

{
  "cmd": "loadbalancer.getall",
  "USERSESSIONID": "your_session_id"
}

cURL Example

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -d '{
    "cmd": "loadbalancer.getall",
    "USERSESSIONID": "your_session_id"
  }'

Using Your JWT Token

Once you have a JWT token, use it in the Authorization header for all subsequent API calls:

Authorization: Bearer YOUR_JWT_TOKEN

cURL Example

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "cmd": "loadbalancer.getall"
  }'

Python Example

import requests

jwt_token = "YOUR_JWT_TOKEN"

response = requests.post(
    "https://api.rackcorp.net/api/rest/v2.9/json.php",
    headers={
        "Content-Type": "application/json",
        "Authorization": f"Bearer {jwt_token}"
    },
    json={"cmd": "loadbalancer.getall"}
)

data = response.json()
print(data)

Using JWT Cookie

If your JWT token is stored in a cookie named JWTSESSIONID, it will be automatically used for authentication:

curl -X POST "https://api.rackcorp.net/api/rest/v2.9/json.php" \
  -H "Content-Type: application/json" \
  -H "Cookie: JWTSESSIONID=YOUR_JWT_TOKEN" \
  -d '{
    "cmd": "loadbalancer.getall"
  }'

Authentication Method Summary

The API supports the following authentication methods (checked in order):

  1. API UUID + Secret (via Authorization header or JSON body)
  2. Session ID (via USERSESSIONID in JSON body)
  3. JWT Cookie (via JWTSESSIONID cookie)
  4. JWT Bearer Token (via Authorization: Bearer header)

Recommendation: For production applications, use JWT tokens with the Bearer authentication method. For simple scripts or automation, you can use API UUID and secret directly without obtaining a JWT first.