@font-face { font-family: "Lato"; font-weight: 700; font-style: normal; src: url("/static/fonts/lato/lato-bol-webfont-g.eot"); src: url("/static/fonts/lato/lato-bol-webfont-g.eot?#iefix") format("embedded-opentype"), url("/static/fonts/lato/lato-bol-webfont-g.woff") format("woff"), url("/static/fonts/lato/lato-bol-webfont-g.ttf") format("truetype"), url("/static/fonts/lato/lato-bol-webfont.svg#latobold") format("svg"); } * { padding: 0; margin: 0; border: none; background: none; box-shadow: none; outline: none; } body { height: 100%; font-size: 12px; font-family: "Lato", Helvetica, Arial, sans-serif; color: #585858; background-color: #fff; } .noscript { display: block !important; background-color: yellow; position: fixed; z-index: 9999; text-align: center; top: 0; width: 100%; height: 60px; font-size: 18px; color: #ff8800; line-height: 60px; border-bottom: 1px solid #ebebeb; } .v-middle { vertical-align: middle; } .noscript img { margin-right: 18px; } .noscript span { font-weight: bold; font-size: 20px; }

RingCentral for Developers requires JavaScript to be enabled.

Getting Started

Social Messaging

Artificial Intelligence

Accounts and Users

Choosing the best auth

Getting started

Configuring an app for JWT

Using JWT for public apps

Troubleshooting

Auth code grant type

Getting Started

Generating an auth request

Keeping access tokens fresh

Sample app (Javascript)

Using access tokens

Using refresh tokens

Technical deep-dives

Auth code flow with PKCE

Notifications and events

Downloads and SDKs

RingCentral Labs

Troubleshooting JWT authentication

Last updated: 2022-03-01

Contributors

Sandbox versus Production

A JWT credential is associated with a specific environment. A JWT created for the sandbox environment cannot be used in production, and vice-versa. Make sure you are using the right credential in the right environment.

JWT tokens are NOT presented in an HTTP Authorization header

A JWT is not itself a way to authenticate to the API. Instead, JWT credentials are used to create access tokens. Only access tokens can be used in an HTTP Authorization header to authenticate with an API.

Setting the right access for a JWT

For heightened security, JWTs can be restricted to be used by a select group of apps. This is especially useful when you wish to exchange your JWT with a third-party. However, if you intend a JWT to be used exclusively to call apps within your own organization, we recommend selecting the access option of, "All apps belonging to my organization."

JWTs and auth expiration

The expiration of a JWT credential should not be confused with the expiration of the access token that a JWT helps create. A JWT can be optionally configured to never expire. However, the same is not true for access tokens. Access tokens will always expire eventually. When that happens, a JWT can be used to quickly and easily generate a new access token to call the API.

Contents

Rate this page: