A JSON Web Token (JWT) consists of three parts: a header, payload, and signature.

The signature ensures it was made by you, not by someone else. A JWT signature can be signed using a secret string or by using a public/private keypair. In our case we use a keypair.

So in order to generate a JSON Web Token (JWT) to use with our video platform, you first need to create a public/private key pair. We use a 2048-bit RSA key.

On a Mac/Linux you can create a keypair using these commands in a terminal window:

openssl genrsa -out privatekey.pem 2048
openssl rsa -in privatekey.pem -pubout -out publickey.pem

View the contents of them using cat:

cat privatekey.pem
cat publickey.pem

You might like to copy them to another directory.

Windows users can run openssl using Cygwin: http://www.cygwin.com/.

Then you will need to tell us your public key so that we can verify JWTs you have signed using your private key. Sign in to our enterprise video CMS dashboard and you should see a Developers option in the main menu. Within that, you should see a JWT keys option. Click that.

Initially there will be none listed. Click the link to add a new one.

Give it a name so you can identify it (as you may add more, such as to rotate them):

New JWT key

Scroll down and in the box below paste the entire contents of your public key. It starts with -----BEGIN CERTIFICATE-----.

Click the blue button at the bottom to create it. If that works, you will be shown the key’s ID. That value is important: you will send that in your JWT’s header (as its kid) so that we know which key you have used to sign that JWT (since you may have multiple ones). So to find out how to make a JWT using that private key, please see our next guide:

How do I use a JWT to authenticate private videos?