JSON Web Token (JWT)
Last updated
Last updated
JSON Web Token (JWT) is an open, industry standard RFC 7519 method for representing claims securely between two parties. You can enable JWT in your API Key and send requests with JWT to ensure only authorized requests are available.
It's easy to enable JWT and send requests with JWT. You just need to follow the below instructions:
Generate your own RSA-256 public and private key with 2048 length. Below is the example using OpenSSL.
Login > Dashboard > RPC > API Key > Setting
Enable the JTW and input the public key generated in previous step.
You will get the public key ID (uuid) after clicking "Add"
Copy ID (uuid) for JWT generation
Once you've enabled the JWT, it's required to add the JWT in all the requests header. Below is the example of generating JWT using https://jwt.io/You need HEADER, PAYLOAD, & SIGNATURE to generate a JWT.
alg
The signing algorithm being used
RS256
typ
The type of the token
JWT
You can use your terminal to encode the header.
uuid
TRUE
The ID generated in the previous step in the dashboard.
00000000-0000-0000-0000-000000000000
exp
FALSE
The expiry time. It should be no later than current time + 24 hours. Unix timestamp format.
1656907527
You can convert a human-readable timestamp to epoch by command below.
Make sure your expiration time is no longer than current time + 24 hours.You can encode your payload by command below.
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
Your JWT is the combination of your encoded header.payload.signature.
Verify your jwt by the debugger.
After generating the JWT, you would need to add the JWT as a part of your request header -H "Authorization: Bearer
entry.
If you have enabled the JWT but sending requests without JWT or with incorrect JWT, you will receive a http 401 error status code and also the response below.
You should either disable the JWT setting or send requests with correct JWT.