Skip to content
On this page

API Authorization

Some of the ExinOne APIs require authentication. You need to use the token issued by ExinOne to call them.

In the previous step, Generate Key, a keystore.json file was generated. The information in this file will be used to call Mixin's APIs to obtain the Mixin Token issued by Mixin.

ExinOne will use this Mixin Token to obtain information and register the user, and then return a Bearer Token as the request token for ExinOne API.

Next, let's see how to operate.

Generate Mixin Token

Taking PHP as an example, using mixin-sdk-php, you can use the following code to generate an access token:


The signature implementation refers to the Mixin developer document Signing, sign authentication token for GET with scope "FULL", and the JWT Payload has an additional parameter:

JWT Payload:

audstringMust be the client_id of the ExinOne robot, 61103d28-3ac2-44a2-ae34-bd956070dab1

Using the token obtained in the previous step, proceed to the next step of authorization login.

Authorization Login

POST /mixin/me


tokenstringRequired. The token obtained in the "Generate Mixin Token" step.


    "code": "0",
    "success": true,
    "message": "",
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpcxxxxxx",
        "tokenType": "Bearer",
        "expiresIn": 86400
    "timestampMs": 1678874885032

The data.token above is the Token issued by ExinOne, which you can use to call ExinOne API.