Support

How do I create a JWT?

A JSON Web Token (JWT) consists of three parts: a header, a payload and a signature.

We’ll start with the signature.

The JWT’s signature is important as it ensures it was made by you, not by someone else. You can use a secret string or a public/private keypair. In our case we use a keypair. We use a 2048-bit RSA key. You’ll need to create one:

1. Create a public/private key

You first need a public and private key.

Either create one online, or using your local system:

Create one online

The simplest way to get a key is to use an online service. For example: https://cryptotools.net/rsagen. Choose 2048, click the button and it should show you a private key and a public certificate:

RSA key pair

Create one using command line

Using a Mac? Open a terminal window:

RSA key terminal

Then type these commands:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

That will have created a public certificate and private key in that folder. You can view their by using a command like cat:

cat private.pem
cat public.pem

You might like to copy those files to another directory to keep them safe and secret.

Using Windows? It is a bit more complicated but Windows users can run openssl commands if using Cygwin: http://www.cygwin.com/. You might find it easier to use an online tool (above) if you are not sure.

2. Give us your public certificate

You need to tell us the public part. You’ll use the private key in the next part. Keep that secret. Put that to one side for a moment.

Sign in to our enterprise video CMS dashboard. You should see a More option in the main menu. Within that, you should see a JWT keys option. Click that.

Initially there will be none listed. Click the blue link to add a new one.

Give it a name so you can identify it (as you may add more, such as to rotate them):

New JWT key

Then scroll down that page, and in the box below put the entire content of your public certificate. It will start with this line: -----BEGIN CERTIFICATE-----.

Then click the blue button at the bottom to create it. If that works, you will be shown the key’s ID. That value is important. You will send that in your JWT’s header (as its kid) so that we know which key you have used to sign that JWT (since you may have multiple ones).

To find out how to use the private key (which you’ve kept to one side up until now) to sign a JWT, please see the next guide:

How do I use a JWT to authenticate private videos?

Updated: September 25, 2023