DragonPass API Developer Platform
v2
  • v2
  • v1
Homepage
Official SiteContact Us
Homepage
Official SiteContact Us
API Version
v2
  • v2
  • v1
v2
  • v2
  • v1
  1. Development Guide
  • Implementation Guide
    • Get Started
    • Our API Solution
    • DragonPass Modules
  • Development Guide
    • Authentication
    • Response Format
    • Error Codes
    • Order Lifecycle
    • Multiple Language Support and Fallback
    • Sandbox Order Simulation
    • UI Design Guidelines
  • Using the API
    • Search for Resources
      • Search for Resources
      • Check Prebooking Resource & Option Availability
      • Pricing Query
      • Image Parameters
    • E-pass
      • Issuing, Querying, and Cancelling an E-pass
      • Querying E-pass Usage Orders and Details
      • Utilizing The E-pass
        • Lounge
        • Fast Track
        • Dining
        • Cross Module
        • Fitness
        • eSIM
    • Membership
      • Manage Memberships & Entitlements
      • Querying Membership Usage Orders and Details
      • Utilizing DragonPass Membership
        • Lounge
        • Fast Track
        • Dining
        • Fitness
        • eSIM
    • User
      • User Management
  • Push Event
    • Lounge/Dining Walk-in Redemption Event
    • Prebooking Order Status Change Event
    • Instructions
    • Resource Update Push Service
  • Release Notes
    • 2025
    • 2026
  • Migration Guide
    • From V1 to V2
  • API Reference
    • Authentication
      • Generate Access Token
    • Search
      • Aggregated Search by Keyword
      • Retrieve Available Modules by Location
    • Transport Hubs
      • Retrieve Transport Hub
      • Retrieve Transport Hub Details
    • Resources
      • Resource List
        • Retrieve Resources List
      • Resource Details
        • Retrieve Resource Details
      • Check Resource Availability
        • Check Prebooking Resource Availability
        • Check Prebooking Option Availability
      • Fitness
        • Retrieve Fitness Resource Option Details
        • Retrieve Fitness Resources Schedule
      • eSIM
        • Retrieve eSIM Resource Option Details
        • Retrieve eSIM Resouces Options
      • Pricing
        • Retrieve Resource Pricing Information
        • Retrieve Prebooking Option Pricing Information
    • User Management
      • User Creation
      • Update User Information
      • Delete A User
      • Retrieve User Information
      • Retrieve User Memberships List
      • Retrieve User E-passes List
    • E-pass
      • E-pass Management
        • Create E-pass Order
        • Retrieve E-pass Details
        • Cancel an E-pass
      • Orders & Usage
        • Create Orders
          • Lounge Prebooking
            • Create E-pass Prebooking Order - Lounge
            • Create E-pass with Prebooking Order - Lounge
          • Fast Track
            • Create E-pass Prebooking Order - Fast Track
            • Create E-pass with Prebooking Order - Fast Track
          • Fitness
            • Create E-pass Prebooking Order - Fitness
            • Create E-pass with Prebooking Order - Fitness
          • eSIM
            • Create E-pass Prebooking Order - eSIM
            • Top up eSIM data package - E-pass
            • Create E-pass with Prebooking Order - eSIM
        • Retrieve Order List
          • Retrieve E-pass Order List
        • Cancel Orders
          • Cancel an Order
        • Module Specific APIs
          • Fitness
            • Fitness Order Check-In
          • eSIM
            • Retrieve eSIM Data Packages
            • Check eSIM Top-up Availability
            • Retrieve eSIM Order Live Extended Details
        • Usage Details
          • Retrieve E-pass Usage Order Details
    • Membership & Entitlement
      • Membership Lifecycle
        • Membership Registration
        • Update A Membership
        • Retrieve Membership Information
        • Generate Membership Dynamic QR Codes
      • Entitlement Management
        • Update Membership Entitlements
        • Retrieve Membership Entitlement Information
      • Orders & Usage
        • Preview Orders
          • Preview Membership Prebooking Order
        • Create Orders
          • Create Membership Prebooking Order - Lounge
          • Create Membership Prebooking Order - Fast Track
          • Create Membership Prebooking Order - Fitness
          • Create Membership Prebooking Order - eSIM
          • Top up eSIM data package - Membership
        • Cancel Orders
          • Cancel an Order
        • Retrieve Order List
          • Retrieve Membership Order List
        • Usage Details
          • Retrieve Membership Usage Order Details
        • Module Specific APIs
          • Fitness
            • Fitness Order Check-In
          • eSIM
            • Retrieve eSIM Order Live Extended Details
            • Check eSIM Top-up Availability
            • Retrieve eSIM Data Packages
    • Push Event Recovery
      • Push Event Recovery
    • [Sandbox Only] Simulation
      • Lounge
        • Simulate Lounge Redemption - Walk in
        • Simulate Lounge Redemption - Prebooking
        • Simulate Lounge Order Cancellation
      • Fast Track
        • Simulate Fast Track Redemption - Prebooking
        • Simulate Fast Track Order Cancellation
  • Our Team
Homepage
Official SiteContact Us
Homepage
Official SiteContact Us
API Version
v2
  • v2
  • v1
v2
  • v2
  • v1
  1. Development Guide

Authentication

Our API uses JSON Web Tokens (JWT) for secure authentication, providing efficient and reliable access while maintaining strong security standards.
To generate a JWT, you'll need to use a library that supports JWT creation and validation. You can visit jwt.io to find libraries and examples specific to your programming environment.
Please ensure that you securely store the secret key and do not expose it in your client-side code.
We recommend transitioning from HS256 to RS256 for enhanced security. We also suggest that clients provide their public key for verification purposes.

RS256(Recommend)#

Account Setup and Credential Generation#

Once you're ready to connect to our sandbox environment, you will be required to generate an RSA key pair and share the public key with DragonPass.
Once DragonPass receives the public key, we will configure the necessary endpoint permissions and issue the issuer value for the client to use when generating JWTs.

Key Exchange Flow#

Example: Generate RSA Key Pair Using OpenSSL#

Here is an example of generating a RSA key pair

JWT Payload Example (RS256)#

When using the RS256 algorithm (asymmetric signing with RSA), the payload structure remains the same as with HS256. A typical JWT payload includes the following claims:
{
  "iss": "6A909655CF67444A93262A665CDD235F",
  "exp": 1718236800
}
Note: iss (issuer) will be provided by DragonPass. exp (expiration) should be a Unix timestamp indicating when the token expires.

HS256#

Clients currently utilizing HS256 for JWT authentication may continue using this algorithm without service interruption. DragonPass will engage with each client to coordinate a update plan and timeline for transitioning to the RS256 algorithm, in alignment with enhanced security standards.

Account Setup#

When you're ready to connect to our sandbox environment, DragonPass will assist in account setup and provide the necessary credentials for JWT generation:
Issuer (iss): 6A909655CF67444A93262A665CDD235F
A unique issuer identifier will be assigned to your account. This identifier must be used when generating JWTs to ensure they are valid for API endpoints.
Secret Key: 60B118779DD14B0990692B51BF8B93DC
A new, unique secret key will be generated for your account. This key is used to sign the JWTs, ensuring that they are secure and have not been tampered with.

JWT Self-Generation#

Once your JWT library is set up, you can generate your own token by including the required claims and signing it using your secret key.
The payload typically includes the following claims:
{
  "iss": "6A909655CF67444A93262A665CDD235F",
  "exp": 1718236800
}

Example Snippet (Java)#

Token Generation via API#

Alternatively, you can request a token directly from our API using your credentials.
Call the Generate Access Token endpoint and include your clientId(issuer) and secret in the request body.
Request
{
    "clientId": "DragonPass", // issuer
    "secret": "dpSecretKey12345"
}
Response
{
  "code": 0,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "tokenType": "Bearer",
    "validUntil": 1923263999
  }
}
The returned token is valid for 1 hour.
Modified at 2026-02-02 10:19:26
Previous
DragonPass Modules
Next
Response Format