JWT for VoiceLayer API

What is JWT?

JWT is a stateless self-contained token that has been signed. It is an open standard with implementations for many languages.

Claims for the voicelayer token:

  • iat - (Issued At) The current timestamp.
  • jti - (JWT ID) A nonce that is only used for a single request. Should be a random string of 32 characters or a UUID.
  • sub - (Subject) The token for the user. This should be retrieved via login. This claim is not required for register or sign up.
  • iss - (Issuer) The UID for the application.

    Example:

{
  iat: 1437068430,
  jti: "802057ff9b5b4eb7fbb8856b6eb2cc5b",
  sub: "de305d54-75b4-431b-adb2-eb6b9e546014",
  iss: "8b39c8157d8adb35dc2f40fb6fd9c4af"
}

Assuming the app associated to iss has the secret "e958ecd90666000de2d1848109b2527d" then the signed request would look like:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzcwNjg0MzAsImp0aSI6IjgwMjA1N2ZmOWI1YjRlYjdmYmI4ODU2YjZlYjJjYzViIiwic3ViIjoiZGUzMDVkNTQtNzViNC00MzFiLWFkYjItZWI2YjllNTQ2MDE0IiwiaXNzIjoiOGIzOWM4MTU3ZDhhZGIzNWRjMmY0MGZiNmZkOWM0YWYifQ.n3kOW2-SiZ9smF6ZUzjUsCBXUtooxklIGtruO4U6CNY

Using JWT with the VoiceLayer API

The JWT should be sent as Bearer JWT_TOKEN in the Authorization header unless otherwise specified:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzcwNjg0MzAsImp0aSI6IjgwMjA1N2ZmOWI1YjRlYjdmYmI4ODU2YjZlYjJjYzViIiwic3ViIjoiZGUzMDVkNTQtNzViNC00MzFiLWFkYjItZWI2YjllNTQ2MDE0IiwiaXNzIjoiOGIzOWM4MTU3ZDhhZGIzNWRjMmY0MGZiNmZkOWM0YWYifQ.n3kOW2-SiZ9smF6ZUzjUsCBXUtooxklIGtruO4U6CNY

Links: