Authenticating API requests

The API is designed around secure sessions. Once a session is created a JWT should be signed on the client side and provided in an Authorization header.

const { session_id, session_secret } =;
const path = `/api/v1/session/${session_id}/accounts`;
const bearer = jwt.encode({
path: path,
session_id: session_id,
}, session_secret)
const accountsResponse = await axios.get(`${path}`,
headers: {
authorization: `Bearer ${bearer}`