Skip to main content
This guide explains how to:
  • Get your API key for Rollout’s universal API
  • Generate an auth token

Step 1: Get a Client ID and Secret

Request access to get a Rollout account and dashboard access. In your Rollout dashboard, you can view and copy your Client ID and Client Secret.

Credential Storage Model

  • Your app stores your Rollout Client ID and Client Secret and uses them to mint short-lived JWTs.
  • Rollout stores and manages upstream OAuth tokens / API keys for connected systems (CRM/TMS/LOS/Email).
  • If needed, you can query connected credentials through the Rollout API (for example via /api/credentials) for inspection and operational workflows.
Never include your Client Secret in your source code or send it to your front-end. If you believe your Secret has been compromised, please contact us immediately at support@rollout.com.

Step 2: Generate an Auth Token

Once you have a Client ID and Client Secret, you can generate an authToken. The authToken is a JSON Web Token (JWT), which is a secure, short-lived token used to authenticate your app with the Rollout API and UI components. In the authToken you will also embed a unique ID to identify your user (this could be an agent’s user ID or a brokerage’s user ID or any other user entity). Here is how to generate your authToken 
const jwt = require('jsonwebtoken');

/**
 * Generate a JWT token that expires in 15 minutes.
 * @param {string} userId - User identifier
 * @returns {string} JWT token
 */
function generateToken(userId) {
  const now = Math.floor(Date.now() / 1000);

  return jwt.sign(
    {
      iss: process.env.ROLLOUT_CLIENT_ID,
      sub: userId,
      iat: now,
      exp: now + 900, // 15 minutes
    },
    process.env.ROLLOUT_CLIENT_SECRET,
    { algorithm: 'HS512' }
  );
}

// Example usage:
const token = generateToken('user123');
Install libraries for your stack:
  • JavaScript: npm install jsonwebtoken
  • Python: pip install pyjwt
  • Ruby: gem install jwt
  • PHP: composer require firebase/php-jwt
  • Java (Maven): add io.jsonwebtoken:jjwt:0.9.1
  • C#: add System.IdentityModel.Tokens.Jwt
  • Go: go get github.com/golang-jwt/jwt/v5
Remember to always generate your authToken on your server in order to keep your Client Secret secure. The best practice is to create a route in your web app or endpoint in your API to generate a Rollout token and then fetch that from your front end.