2C2P securely transmits payment information using the self-contained JSON Web Token (JWT) standard (RFC 7519). JWTs can be verified using digital signatures created with a secret (HMAC algorithm) or a public/private (RSA/ECDSA) key pair.


Generate JWT

To generate a JSON Web Token (JWT), merchants need their secret key and request data, and must use the HMAC SHA256 signing algorithm to generate the token.

Merchants must import the JWT library based on language used.


Provided Sample Code

How to Generate JWT

The sample code below demonstrates JWT generated using sample data for header, payload, and secret key.

  "alg": "HS256",
  "typ": "JWT"

//Payload Data
    "merchantID": "JT01",
    "invoiceNo": "1523953661",
    "description": "item 1",
    "amount": 1000.00,
    "currencyCode": "SGD"

//Merchant SHA Key is "1F4EDB965BBB3094F791A83750FBDCDA3852131CB5218E21E4F42929A1975E60"

//Sample output 


Decode JWT

Merchants must pass in encoded tokens and their merchant secret key to decode tokens. To perform this process, merchants must download the [*JWT library*](https://jwt.io/#libraries-io) based on language used.


Provided Sample Code

How to Decode & Process JWT