Authentication

The Tajir API uses Bearer Token authentication. Every request must include a valid API token in the Authorization header.

Token Format

Authorization: Bearer tjr_a1b2c3d4e5f6...

Tokens are prefixed with tjr_ followed by 64 hex characters.

Generating Tokens

  1. Log in to your Admin Dashboard at admin.durj.ly
  2. Navigate to Integrations (التكاملات)
  3. Click Create New Token (إنشاء مفتاح API جديد)
  4. Give it a descriptive name (e.g., “Odoo Production”)
  5. Copy the token immediately — it won’t be shown again

Token Security

  • Tokens are stored as SHA-256 hashes — we cannot retrieve your raw token
  • Each token is scoped to a single tenant (store)
  • Tokens can be revoked instantly from the dashboard
  • Set an expiration date for temporary integrations

Error Responses

401 Unauthorized

{
  "statusCode": 401,
  "message": "Missing or invalid Authorization header. Use: Bearer <token>"
}

429 Too Many Requests

{
  "statusCode": 429,
  "message": "Rate limit exceeded. Please retry after the window resets."
}

Best Practices

  1. Never expose tokens in client-side code — only use them server-to-server
  2. Use different tokens for development and production
  3. Rotate tokens regularly — revoke old ones after generating new ones
  4. Set expiration dates for tokens used by contractors or temporary integrations
  5. Monitor last_used_at in the dashboard to detect unused tokens
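
One way to enforce practice 1 is to scan front-end bundles and repositories for token-shaped strings before they ship. The following is an added example, not Tajir's own code: the function names, the sample bundle and its token are constructed, and accepting upper-case hex is an assumption.

```python
import hashlib
import re

# Format from the Token Format section: "tjr_" followed by 64 hex characters.
# Assumption: upper-case hex is matched too, so re-cased copies are still caught.
TOKEN_RE = re.compile(r"(?<![0-9A-Za-z_])tjr_[0-9a-fA-F]{64}(?![0-9a-fA-F])")


def fingerprint(token: str) -> str:
    """SHA-256 of the raw token, so a finding can be logged without the secret."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def redact(token: str) -> str:
    """Keep only the prefix and the last 4 characters."""
    return f"tjr_{'*' * 8}{token[-4:]}"


def scan(text: str, source: str = "<input>") -> list[dict]:
    """Return one finding per token-shaped string, never including the raw token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            findings.append({
                "source": source,
                "line": lineno,
                "redacted": redact(token),
                "sha256": fingerprint(token),
            })
    return findings


# Constructed sample: a front-end bundle with a hard-coded token (not a real one).
SAMPLE_TOKEN = "tjr_" + "ab12" * 16
SAMPLE_BUNDLE = f"""\
const api = "https://api.example.invalid";
fetch(api, {{ headers: {{ Authorization: "Bearer {SAMPLE_TOKEN}" }} }});
const note = "tjr_deadbeef";  // too short, not a token
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_BUNDLE, "bundle.js"):
        print(f"{f['source']}:{f['line']} {f['redacted']} sha256={f['sha256']}")
```

Any token the scanner finds should be treated as exposed: revoke it from the dashboard and generate a replacement.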