Calling REST APIs with JWT authentication
Use the following information to call REST APIs with JWT authentication.
Before you begin
- The incoming JWT must contain a parameter with the name “alg” in the header, which denotes the algorithm to be used for verifying JWT. Only JWT signed with RSA algorithms: RS256, RS384, and RS512 are supported.
- The incoming JWT must contain an issuer name in the payload or body with the claim name “iss”.
- The incoming JWT must contain an expiration time in the payload or body with the claim name “exp”.
- The incoming JWT must contain a parameter with the name “kid” (key ID) in the header, which denotes the key ID to be used for verification.