AUTHENTICATION
All RESTful API calls targeting Supply-Lingo infrastructure require secure JWT tokens passed inside the authorization header, plus project-level signature headers for timestamp validation.
const supplyLingoNode = require("supply-lingo-sdk");
supplyLingoNode.initialize({
company_id: "NIMBUS_WY_82001",
api_secret_key: "LIVE_SK_XXXXXX_2026"
});
const timestr = Date.now().toString();
const sign = sha256(api_secret_key + timestr);
DISTRIBUTOR CREDITING
Local partners can provision credits by mapping token bundles to unique student telephone nodes or database UUIDs. This creates auditable inventory allocation without exposing wholesale commercial baselines.
POST /api/v1/distributor/allocate_tokens
{
"target_student_id": "+971 50 772 XXXX",
"allocated_token_bundle": 100,
"sku_tier_verification": "Premium_Distributor_Tier",
"simulator_notification_url": "https://partner.example.com/hooks/simulator",
"allocation_mode": "audited_prepaid_credit"
}
MEDIA ROUTING
The RTC refresh endpoint renews active classroom credentials before a token expiry window can interrupt a lesson. The response is designed for Web, iOS, Android, and white-label mobile clients.
POST /api/v1/rtc/refresh_credentials
headers: {
"sign": "{sign}",
"timestr": "{timestr}",
"Authorization": "Bearer {project_token}"
}
body: {
"lesson_id": "LSN_2026_00019",
"client_runtime": "webrtc"
}
REALTIME EVENTS
After the HTTP session is established, partners can join the Socket.IO channel with vendor credentials and a chat hash. Message, disconnect, textbook, and room lifecycle events remain isolated by project scope.
const socket = io("https://gateway.supply-lingo.com", {
path: "/socket.io"
});
socket.emit("authenticate", {
vendor_api_key: "{vendor_api_key}",
vendor_api_token: "{vendor_api_token}",
chat_hash: "{chat_hash}",
user_id: 12345
});
socket.on("lesson.message", handleMessage);
ACCESS REVIEW
Institutional access is issued after compliance verification, implementation scope review, and approval of the selected commercial framework.