DragonPass API Developer Platform
v2
  • v2
  • v1
HomepageOfficial SiteContact Us
HomepageOfficial SiteContact Us
API Version
v2
  • v2
  • v1
  1. Development Guide
  • Implementation Guide
    • DragonPass Modules
    • Get Started
    • Our API Solution
  • Development Guide
    • Response Format
    • Error Codes
    • Multiple Language Support and Fallback
    • UI Design Guidelines
    • Authentication
    • Sandbox Order Simulation
  • DragonPass API Push Event
    • Instructions
    • Lounge/Dining Walk-in Redemption Event
    • Prebooking Order Status Change Event
    • Resource Update Push Service
  • Using the API
    • Search for Resources
      • Search for Resources
      • Check Prebooking Resource & Option Availability
      • Pricing Query
      • Image Parameters
    • Order Lifecycle
      • Walk-in & Prebooking Order
      • Order Status Enumeration
    • E-pass
      • Querying E-pass Usage Orders and Details
      • Issuing, Querying, and Cancelling an E-pass
      • Utilizing The E-pass
        • Lounge
        • Fast Track
        • Dining
        • Fitness
        • eSIM
        • Cross Module
    • Membership
      • Manage Memberships & Entitlements
      • Querying Membership Usage Orders and Details
      • Utilizing DragonPass Membership
        • Lounge
        • Fast Track
        • Dining
        • Fitness
        • eSIM
    • User
      • User Management
  • Release Notes
    • 2026
    • 2025
  • Migration Guide
    • From V1 to V2
  • API Reference
    • Authentication
      • Generate Access Token
    • User Management
      • User Creation
      • Update User Information
      • Retrieve User Information
      • Retrieve User E-passes List
      • Retrieve User Memberships List
      • Delete A User
    • Search
      • Retrieve Available Modules by Location
      • Aggregated Search by Keyword
    • Transport Hubs
      • Retrieve Transport Hub
      • Retrieve Transport Hub Details
    • Resources
      • Retrieve Resource List
        • Retrieve Resources List
      • Search For Resources
        • Retrieve Resource Details
        • List Updated Resources
      • Check Resource Availability
        • Check Prebooking Resource Availability
        • Check Prebooking Option Availability
      • Fitness
        • Retrieve Fitness Resources Schedule
        • Retrieve Fitness Resource Option Details
      • eSIM
        • Retrieve eSIM Resouces Options
        • Retrieve eSIM Resource Option Details
      • Pricing
        • Retrieve Resource Pricing Information
        • Retrieve Prebooking Option Pricing Information
    • Entitlement Management
      • Update Membership Entitlements
      • Retrieve Membership Entitlement Information
    • Membership Management
      • Membership Registration
      • Update A Membership
      • Retrieve Membership Information
      • Generate Membership Dynamic QR Codes
      • Change Membership Program(Upgrade/Downgrade)
    • Orders Management
      • Preview Orders
        • Membership
          • Preview Membership Prebooking Order
      • Create Orders
        • E-pass
          • Issue An E-pass
            • Create E-pass Order
          • Lounge Prebooking
            • Create E-pass Prebooking Order - Lounge
            • Create E-pass with Prebooking Order - Lounge
          • Fast Track
            • Create E-pass Prebooking Order - Fast Track
            • Create E-pass with Prebooking Order - Fast Track
          • Fitness
            • Create E-pass Prebooking Order - Fitness
            • Create E-pass with Prebooking Order - Fitness
          • eSIM
            • Create E-pass Prebooking Order - eSIM
            • Create E-pass with Prebooking Order - eSIM
            • Top up eSIM data package - E-pass
        • Membership
          • Create Membership Prebooking Order - Lounge
          • Create Membership Prebooking Order - Fast Track
          • Create Membership Prebooking Order - Fitness
          • Create Membership Prebooking Order - eSIM
          • Top up eSIM data package - Membership
      • Retrieve Order List
        • Retrieve E-pass Order List
        • Retrieve Membership Order List
      • Cancel Orders
        • Cancel an Order
      • Retrieve Order Details
        • E-pass
          • Retrieve E-pass Details
          • Retrieve E-pass Usage Order Details
        • Membership
          • Retrieve Membership Usage Order Details
      • Module Specific APIs
        • Fitness
          • Fitness Order Check-In
        • eSIM
          • Retrieve eSIM Order Live Extended Details
          • Check eSIM Top-up Availability
          • Retrieve eSIM Data Packages
    • [Sandbox Only] Simulation
      • Lounge
        • Simulate Lounge Redemption - Walk in
        • Simulate Lounge Redemption - Prebooking
        • Simulate Lounge Order Cancellation
      • Fast Track
        • Simulate Fast Track Redemption - Prebooking
        • Simulate Fast Track Order Cancellation
    • Push Event Recovery
      • Push Event Recovery
  • Our Team
  1. Development Guide

Authentication

Our API uses JSON Web Tokens (JWT) for secure authentication, providing efficient and reliable access while maintaining strong security standards.
To generate a JWT, you'll need to use a library that supports JWT creation and validation. You can visit jwt.io to find libraries and examples specific to your programming environment.
Please ensure that you securely store the secret key and do not expose it in your client-side code.
We recommend transitioning from HS256 to RS256 for enhanced security. We also suggest that clients provide their public key for verification purposes.

RS256(Recommend)#

Account Setup and Credential Generation#

Once you're ready to connect to our sandbox environment, you will be required to generate an RSA key pair and share the public key with DragonPass.
Once DragonPass receives the public key, we will configure the necessary endpoint permissions and issue the issuer value for the client to use when generating JWTs.

Key Exchange Flow#

Example: Generate RSA Key Pair Using OpenSSL#

Here is an example of generating a RSA key pair

JWT Payload Example (RS256)#

When using the RS256 algorithm (asymmetric signing with RSA), the payload structure remains the same as with HS256. A typical JWT payload includes the following claims:
{
  "iss": "6A909655CF67444A93262A665CDD235F",
  "exp": 1718236800
}
Note: iss (issuer) will be provided by DragonPass. exp (expiration) should be a Unix timestamp indicating when the token expires.

HS256#

Clients currently utilizing HS256 for JWT authentication may continue using this algorithm without service interruption. DragonPass will engage with each client to coordinate a update plan and timeline for transitioning to the RS256 algorithm, in alignment with enhanced security standards.

Account Setup#

When you're ready to connect to our sandbox environment, DragonPass will assist in account setup and provide the necessary credentials for JWT generation:
Issuer (iss): 6A909655CF67444A93262A665CDD235F
A unique issuer identifier will be assigned to your account. This identifier must be used when generating JWTs to ensure they are valid for API endpoints.
Secret Key: 60B118779DD14B0990692B51BF8B93DC
A new, unique secret key will be generated for your account. This key is used to sign the JWTs, ensuring that they are secure and have not been tampered with.

JWT Self-Generation#

Once your JWT library is set up, you can generate your own token by including the required claims and signing it using your secret key.
The payload typically includes the following claims:
{
  "iss": "6A909655CF67444A93262A665CDD235F",
  "exp": 1718236800
}

Example Snippet (Java)#

Token Generation via API#

Alternatively, you can request a token directly from our API using your credentials.
Call the Generate Access Token endpoint and include your clientId(issuer) and secret in the request body.
Request
{
    "clientId": "DragonPass", // issuer
    "secret": "dpSecretKey12345"
}
Response
{
  "code": 0,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "tokenType": "Bearer",
    "validUntil": 1923263999
  }
}
The returned token is valid for 1 hour.
Modified at 2026-02-02 10:19:26
Previous
UI Design Guidelines
Next
Sandbox Order Simulation