Expired token

Expired `kya` token

Tokens have a short validity time (configurable with the token issuer). Figure 3 shows the initial exchange with a valid kya token, however on subsequent request the token has gone stale and needs to be renewed before the agent is able to access the protected resource:

The Buyer Agent calls the Skyfire API (https://api.skyfire.xyz/api/v1/tokens) to generate a kya token.
If the API key is valid, the Skyfire agent identity provider generates a token according to the criteria defined in the request
The Agent accesses a protected resource.
The bot manager or fraud detection engine protecting the website validate the token, extracts the agent and platform identity claims, classify the traffic and allows it to proceed to the protected web resource
The web server intercept returns the content
On subsequent requests, the agent reuse the same token that has expired.
The bot manager or fraud detection engine protecting the website validate the token,
1. The bot manager or fraud detection engine concludes that the token has expired.
2. The detection engine returned a 401 - Unauthorized HTTP response code with a custom message in the body: See below
3. A custom HTTP headers: skyfire-outcome: Token validation failed
The Buyer Agent calls once more the Skyfire API (https://api.skyfire.xyz/api/v1/tokens) to generate a kya token.
If the API key is valid, the SKyfire agent identity provider generates a token according to the criteria defined in the request
The agent request the protected resource with the new valid token
The bot manager or fraud detection engine protecting the website validate the token, extracts the agent and platform identity claims, classify the traffic and allows it to proceed to the protected web resource

{
	"error": "Expired `kya` token. Please create a new `kya` token - https://docs.skyfire.xyz/reference/create-token and include it in your next request."
}

Fig. 3: Workflow with expired kya token

Expired `pay` token

In case of Expired pay token, the workflow is is similar to the one described in the case of a missing kya token, expect the HTTP status code and message differ in step 2.a:

HTTP status code: 402 - Payment required

Message:

{
	"error": "Expired `pay` token. Please create a new `pay` token - https://docs.skyfire.xyz/reference/create-token and include it in your request."
}

Expired `kya+pay` token

In case of missing kya+pay token, the workflow is is similar to the one described in the case of a missing kya token, expect the HTTP status code and message differ in step 2.a:

HTTP status code: 401 - Unauthorized

Message:

{
	"error": "Expired `kya+pay` token. Please create a new `kya+pay` token - https://docs.skyfire.xyz/reference/create-token and include it in your request."
}

Expired token

Expired `kya` token

The Buyer Agent calls the Skyfire API (https://api.skyfire.xyz/api/v1/tokens) to generate a kya token.
If the API key is valid, the Skyfire agent identity provider generates a token according to the criteria defined in the request
The Agent accesses a protected resource.
The bot manager or fraud detection engine protecting the website validate the token, extracts the agent and platform identity claims, classify the traffic and allows it to proceed to the protected web resource
The web server intercept returns the content
On subsequent requests, the agent reuse the same token that has expired.
The bot manager or fraud detection engine protecting the website validate the token,
1. The bot manager or fraud detection engine concludes that the token has expired.
2. The detection engine returned a 401 - Unauthorized HTTP response code with a custom message in the body: See below
3. A custom HTTP headers: skyfire-outcome: Token validation failed
The Buyer Agent calls once more the Skyfire API (https://api.skyfire.xyz/api/v1/tokens) to generate a kya token.
If the API key is valid, the SKyfire agent identity provider generates a token according to the criteria defined in the request
The agent request the protected resource with the new valid token
The bot manager or fraud detection engine protecting the website validate the token, extracts the agent and platform identity claims, classify the traffic and allows it to proceed to the protected web resource

{
	"error": "Expired `kya` token. Please create a new `kya` token - https://docs.skyfire.xyz/reference/create-token and include it in your next request."
}

Fig. 3: Workflow with expired kya token

Expired `pay` token

In case of Expired pay token, the workflow is is similar to the one described in the case of a missing kya token, expect the HTTP status code and message differ in step 2.a:

HTTP status code: 402 - Payment required

Message:

{
	"error": "Expired `pay` token. Please create a new `pay` token - https://docs.skyfire.xyz/reference/create-token and include it in your request."
}

Expired `kya+pay` token

In case of missing kya+pay token, the workflow is is similar to the one described in the case of a missing kya token, expect the HTTP status code and message differ in step 2.a:

HTTP status code: 401 - Unauthorized

Message:

{
	"error": "Expired `kya+pay` token. Please create a new `kya+pay` token - https://docs.skyfire.xyz/reference/create-token and include it in your request."
}

Expired token

Expired token

Expired kya token

Expired pay token

Expired kya+pay token

Expired token

Expired token

Expired kya token

Expired pay token

Expired kya+pay token

Expired `kya` token

Expired `pay` token

Expired `kya+pay` token

Expired `kya` token

Expired `pay` token

Expired `kya+pay` token