Global-e sends notifications to merchants or platforms, upon completion of asynchronous operations, detected errors, and other cases.
To secure the notifications issued by Global-e to merchants and ensure that only the addressee receiving can read them, Global-e uses the JWT authorization method. Each API call from Global-e to the merchant URL will also include the authorization token in the header.
Global-e provides the merchants with a public key. Private and public keys are used to encrypt and decrypt the data. The private key is kept on the Global-e side, and the public key is shared with the Platform side to receive the notifications. The same public key is used for all merchants.
Merchants authenticating Global-e calls with JWT (Global-e > Merchant calls)
- Global-e provides a public key to the merchant. See below.
- The global-e integration engineer enables the MAS
JWTAuthEnabledparameter to be TRUE for all endpoints.
- The merchant sets authentication by issuing API calls using the authenticating token provided as input and encrypted format.
Global-e Public Keys
Global-e provides two public keys for merchants: One for the test environment and one for production. All merchants use the same public keys.
The following are the public keys:
-
Public key in test environments - used for STAGING, QA, and QA-INT environment
-
Production Public Key
This authentication is currently supported only for SFCC.