Securing an API with a JSON Web Token

There are two methods to secure your API with a JSON Web Token. You can use the jwt-generate command, or you can use a token that has been generated external to IBM® API Connect.

About this task

JSON Web Token (JWT) is an OAuth 2.0 compliant method of authentication that can be useful to secure your API in API Connect.

You can secure your API with a JSON Web Token by using either of the following methods:
  • Generate a token through the jwt-generate command, and then augment the response payload with your generated token replacing the id token.
  • Use a token that was generated outside of API Connect and include it into the response payload, by using the metadata URL.


Create a jwt-generate policy in the assembly.
  1. In API Manager, open the Assembly tab.
  2. Add a jwt-generate policy to the assembly for the API.