JSON Web Tokens (JWT)

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties.

 

Generate JWT Token


Required merchant secret key & Request Data, using signing algorithm HMAC SHA256 to generate the token. You are required to import [JWT library](https://jwt.io/#libraries-io) based on language used. Below are the sample code.

👍

Provided Sample Code

How to Generate JWT Token

 
Below are sample generated JWT Token based on provided data (header, payload & secret key)

//Header
{
  "alg": "HS256",
  "typ": "JWT"
}

//Payload Data
{
    "merchantID": "JT01",
    "invoiceNo": "1523953661",
    "description": "item 1",
    "amount": 1000.00,
    "currencyCode": "SGD"
}

//Merchant SHA Key is "1F4EDB965BBB3094F791A83750FBDCDA3852131CB5218E21E4F42929A1975E60"

//Sample output 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjaGFudElEIjoiSlQwMSIsImludm9pY2VObyI6IjE1MjM5NTM2NjEiLCJkZXNjcmlwdGlvbiI6Iml0ZW0gMSIsImFtb3VudCI6MTAwMCwiY3VycmVuY3lDb2RlIjoiU0dEIn0.ElmhOULUdK63FnriSs2XyhH1LxULoTVIopTUuQ77DvA

 

Decode JWT Token


Required to pass in encoded token & merchant secret key to decode it to actual message using. You are required to import JWT library based on language used to perform token decode. Below are the sample code.

👍

Provided Sample Code

How to Decode & Process JWT Token