# CKEditor Cloud Services REST API

The REST API uses HMAC Authentication. It means that every request must include a signature and a timestamp.
The signature needs to be created in accordance with the requirements mentioned in the Request signature guide.

# Examples

Detailed examples for Node.js and other programming languages can be found in the Request Signatures examples section.

# Converters APIs

Converters APIs use JWT to authenticate requests. The generated token should be placed as Authorization header.

# Example

The token should be generated based on the example below:

    const jwt = require( 'jsonwebtoken' );

    const accessKey = 'w1lnWEN63FPKxBNmxHN7WpfW2IoYVYca5moqIUKfWesL1Ykwv34iR5xwfWLy';
    const environmentId = 'LJRQ1bju55p6a47RwadH';

    const payload = {
        aud: environmentId

    const token = jwt.sign( payload, accessKey, { algorithm: 'HS256', expiresIn: '24h' } );

    console.log( 'Authentication token', token );

For On-premises the payload field should be empty and the accessKey field should be replaced with the value set as SECRET_KEY while configuring the server.

You will find more detailed information in the dedicated sections of the Export to PDF On-Premises and Word Services On-Premises guides.

Please keep in mind that token generation should be done on a backend side, to avoid exposing accessKey to public.
Anyone who gets the accessKey is able to use converters using your subscription.

More detailed examples for Node.js and for other programming language can be found in a Token endpoints examples section.

# Next steps

Read more about the overall System security.