JWT Bearer Token

Typically used by production systems, the Moveworks Gateway supports JWT Bearer Authentication.

  1. Moveworks will generate a private-public key pair and share the public key with your developer team.
  2. As part of every request, Moveworks will generate a JWT with the standard set of claims and sign it with the private key.
  "iss": "moveworks", 
  "aud": "",
  "iat": "1659540236",
  "exp": "1659547436"
  1. Moveworks will set the token in the auth header like so,

    Authorization: Bearer <token>

  2. Your gateway can then decrypt the token with the public key, verify, and then process our request.

We've already created some starter code to help you work with JWTs.

Additional notes:

  • Maximum TTL for a token is 2hrs
  • We will use ES256 (ECDSA signature algorithm using SHA-256 hash algorithm) as our digital signature algorithm by default.
  • RS256 is also supported, but must be specified with your Customer Success Team.