JWT Tokens

A guide on using JSON Web Tokens with the NetSapiens API

What follows is a brief guide to using JWTs on our platform, but first a little background, just in case:

JSON Web Tokens (JWTs) are a compact, self-contained way to securely transmit information between parties as a JSON object. Let me break down how they work and how you can use them in your applications.

What is a JWT?

A JWT is essentially a string that has three parts separated by dots:

eyJhbGcirandomkeyboardmashingCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NmorekeyboardmashinggRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.
SflKxwRJSMeKKFthirdmashupOk6yJV_adQssw5c

These three parts are:

Header - Contains the type of token and the signing algorithm being used
Payload - Contains the data being transferred
Signature - Used to verify the token hasn't been tampered with
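
The three parts in practice, as an added Python example (not NetSapiens code and not part of the original guide): it builds a token, reads the header and payload back without any key, and checks the signature. HS256, the key, and the claim values are constructed assumptions for the demonstration; this guide does not state which signing algorithm the NS API uses.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # JWT parts drop the "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def split_token(token: str):
    """Return (header, payload, signature_bytes) WITHOUT verifying anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload, b64url_decode(parts[2])

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over 'header.payload' and compare in constant time."""
    try:
        header, _, signature = split_token(token)
    except ValueError:  # bad part count, bad base64, or bad JSON
        return False
    # Pin the expected algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = token.rsplit(".", 1)[0].encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def tamper(token: str) -> str:
    """Replace the payload but keep the old signature (must fail verification)."""
    head, _, sig = token.split(".")
    forged = b64url_encode(json.dumps({"sub": "9999@example"}).encode())
    return ".".join((head, forged, sig))

# Constructed sample values, not output from the NS API.
KEY = b"constructed-demo-key"
TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"},
                   {"sub": "1001@example", "iat": 1516239022}, KEY)
```

Because `split_token` needs no key, anything placed in the payload is readable by whoever holds the token; only `verify_hs256` tells you whether the contents can be trusted.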

When to Use JWTs

JWTs are perfect for:

Authentication: After a user logs in, subsequent requests will include the JWT
Authorization: Once logged in, the JWT tells the server what the user is allowed to do
Information Exchange: Securely transferring data between parties

Requesting JWTs through the NS API

Here is an example of how to request a JWT through the API, in this case using a username and password:

Requesting a JWT (cURL version):

curl --location --request POST 'https://{{your_URL}}/ns-api/v2/jwt' \
--header 'User-Agent: {{your user agent}} (https://{{your_URL.com}})' \
--header 'Content-Type: application/json' \
--header 'Accept: */*' \
--header 'Host: {{your host domain}}' \
--header 'Connection: keep-alive' \
--data-raw '{
    "grant_type": "password",
    "client_id": "",
    "client_secret": "",
    "username": "{{sub_login}}",
    "password": "{{user_password}}"
}'

You can test this out in our docs pages here: https://docs.ns-api.com/reference/post_tokens

For more information on the client_id and client_secret, please see our general documentation site here: https://documentation.netsapiens.com/passwords/how-to-create-a-client-id-and-client-secret