JWT for VoiceLayer API

What is JWT?

JWT is a stateless self-contained token that has been signed. It is an open standard with implementations for many languages.

Claims for the voicelayer token:

  • iat - (Issued At) The current timestamp.
  • jti - (JWT ID) A nonce that is only used for a single request. Should be a random string of 32 characters or a UUID.
  • sub - (Subject) The token for the user. This should be retrieved via login. This claim is not required for register or sign up.
  • iss - (Issuer) The UID for the application.

    Example:

{
  iat: 1437068430,
  jti: "802057ff9b5b4eb7fbb8856b6eb2cc5b",
  sub: "7e3b04c27313b5fc9cfa527fbd59c915",
  iss: "8b39c8157d8adb35dc2f40fb6fd9c4af"
}

Assuming the app associated to iss has the secret "e958ecd90666000de2d1848109b2527d" then the signed request would look like:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzcwNjg0MzAsImp0aSI6IjgwMjA1N2ZmOWI1YjRlYjdmYmI4ODU2YjZlYjJjYzViIiwic3ViIjoiN2UzYjA0YzI3MzEzYjVmYzljZmE1MjdmYmQ1OWM5MTUiLCJpc3MiOiI4YjM5YzgxNTdkOGFkYjM1ZGMyZjQwZmI2ZmQ5YzRhZiJ9.CUsKPGcNkY30IbbIONgnzVcR-zsQnbI0tmrnN69NZvM

Using JWT with the VoiceLayer API

The JWT should be sent as Bearer JWT_TOKEN in the Authorization header unless otherwise specified:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MzcwNjg0MzAsImp0aSI6IjgwMjA1N2ZmOWI1YjRlYjdmYmI4ODU2YjZlYjJjYzViIiwic3ViIjoiN2UzYjA0YzI3MzEzYjVmYzljZmE1MjdmYmQ1OWM5MTUiLCJpc3MiOiI4YjM5YzgxNTdkOGFkYjM1ZGMyZjQwZmI2ZmQ5YzRhZiJ9.CUsKPGcNkY30IbbIONgnzVcR-zsQnbI0tmrnN69NZvM

Links: