JWT

2C2P securely transmits payment information using the self-contained JSON Web Token (JWT) standard (RFC 7519). JWTs can be verified using digital signatures created with a secret (HMAC algorithm) or a public/private (RSA/ECDSA) key pair.

 

Generate JWT


To generate a JSON Web Token (JWT), merchants need their secret key and request data, and must use the HMAC SHA256 signing algorithm to generate the token.

Merchants must import the JWT library based on language used.

👍

Provided Sample Code

How to Generate JWT

 
The sample code below demonstrates JWT generated using sample data for header, payload, and secret key.

//Header
{
  "alg": "HS256",
  "typ": "JWT"
}

//Payload Data
{
    "merchantID": "JT01",
    "invoiceNo": "1523953661",
    "description": "item 1",
    "amount": 1000.00,
    "currencyCode": "SGD"
}

//Merchant SHA Key is "1F4EDB965BBB3094F791A83750FBDCDA3852131CB5218E21E4F42929A1975E60"

//Sample output 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjaGFudElEIjoiSlQwMSIsImludm9pY2VObyI6IjE1MjM5NTM2NjEiLCJkZXNjcmlwdGlvbiI6Iml0ZW0gMSIsImFtb3VudCI6MTAwMCwiY3VycmVuY3lDb2RlIjoiU0dEIn0.ElmhOULUdK63FnriSs2XyhH1LxULoTVIopTUuQ77DvA

 

Decode JWT


Merchants must pass in encoded tokens and their merchant secret key to decode tokens. To perform this process, merchants must download the [*JWT library*](https://jwt.io/#libraries-io) based on language used.

👍

Provided Sample Code

How to Decode & Process JWT