Generating a JSON Web Token for a GET Request

Generate the Claim Set

Use the following key:value pair.

**Claim Set Element**
Field Name	Description	Example
iat	The date and time of message origin. The date can be in any format for a time zone. This is a required field.	iat: Thur, 15 June 2017 08:12:31 GMT

Generate the Token Header

Use the following key:value pairs.

**Token Header Elements**
Field Name	Description	Example
x5c	The x5c (X.509 certificate chain) Header Parameter contains the X.509 public key certificate or certificate chain corresponding to the key(.p12) used to digitally sign the token. This is a required field.	MIICZTCCAc6gAwIBAg…Emj0F35Ew2ek4VezUXnZ/SMLvWEA6DG2sjSFCCuIot3mLJ3lI4AQSQSBSazhQec75Rk=
alg	The signing algorithm used. This is a required field.	alg: RS256
v-c-merchant-id	Merchant ID assigned in the Business Center. Required for merchant transactions. Required for partners sending transactions of behalf of merchants.	v-c-merchant-id: merchant_id

Example

{
	"x5c": "MIICZTCCAc6gAwIBAg…Emj0F35Ew2ek4VezUXnZ/SMLvWEA6DG2sjSFCCuIot3mLJ3lI4AQSQSBSazhQec75Rk=",
	"alg": "RS256",
	"v-c-merchant-id":  "merchant_id"
}

Generate the Token Signature

**Token Signature Elements**
Field Name	Description	Example
JWT Signature	Base64-encode the JWT header and the claim set created in previous steps to create the data element. Join the resulting encoded strings together with a period (.) in between them. In our pseudo code, this joined string is assigned to data. To get the JWT signature, the data string is signed with RS256 with the private key using the signing algorithm specified in the JWT header. Signature String is then encoded with Base64-encoded before creating final token.	data = base64urlEncode( JWT header ) + “.” + base64urlEncode( Claimset ) signature = RS256Hash( data, private_key ) ; signature = eyJ2LWMtbWVyY2hhbn…WYQNLMOApxv6-DdcJZK4L9mLRc3gFb1kTFvodNEI6M0GeyoFp-b9PNG32TLQITYfWmZEbTZExgQHXGwwqo

Generate the JSON Web Token

**JSON Web Token Elements**
Field Name	Description	Example
JWT Token	With All three components JWT header , claim set , and Signature , concatenate the components into a valid JWT authorization token. JWT token = JWT header.Claim set.signature Combine the header and payload and signature with periods (.) separating them.	Example: JWT Token = base64url( JWT header ) + “.” + base64url( Payload ) + “.” + base64url( Signature ) // Sample JWT header eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9 // Sample PayLoad eyJ1c2VySWQiOiJiMDhmODZhZi0zNWRhLTQ4ZjItOGZhYi1jZWYz OTA0NjYwYmQifQ // Sample signature -xN_h82PHVTCMA9vdoHrcZxH-x5mb11y1537t3rGzcM // Sample JWT Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiJiMDhm ODZhZi0zNWRhLTQ4ZjItOGZhYi1jZWYzOTA0NjYwYmQifQ.-xN_h82PHVTCMA9vdoHrcZxH-x5mb11y1537t3rGzcM

Sample Code

Format/Example
Preparing payload: String jwtBody = "{\n \"iat\":\"" + DateTimeFormatter.RFC_1123_DATE_TIME.format(ZonedDateTime.now(ZoneId.of("GMT"))) + "\"\n} \n\n"; HashMap customHeaders = new HashMap(); customHeaders.put(v-c-merchant-id, merchantConfig.getMerchantID()); String jwsSignatureValue = sign(jwtBody, rsaPrivateKey, x509Certificate, customHeaders); Generating JWT Token—Header, Payload, and Signature: private sign(String content, PrivateKey privateKey, X509Certificate x509Certificate, Map<String, ? extends Object> customHeaders) { if(!this.isNullOrEmpty(content) && x509Certificate != null && privateKey != null) { String serialNumber = null; String serialNumberPrefix = "SERIALNUMBER="; String principal = x509Certificate.getSubjectDN().getName().toUpperCase(); int beg = principal.indexOf(serialNumberPrefix); if(beg >= 0) { int x5cBase64List = principal.indexOf(",", beg); if(x5cBase64List == -1) { x5cBase64List = principal.length(); } serialNumber = principal.substring(beg + serialNumberPrefix.length(), x5cBase64List); } else { serialNumber = x509Certificate.getSerialNumber().toString(); } ArrayList x5cBase64List1 = new ArrayList(); try { x5cBase64List1.add(Base64.encode(x509Certificate.getEncoded())); } catch (CertificateEncodingException var16) { logger.error("can\'t signAndEncrypt the payload", var16); return null; } RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey; Payload payload = new Payload(content); JWSHeader jwsHeader = (new com.nimbusds.jose.JWSHeader.Builder(JWSAlgorithm.RS256)).customParams(customHeaders).keyID(serialNumber).x509CertChain(x5cBase64List1).build(); JWSObject jwsObject = new JWSObject(jwsHeader, payload); try { RSASSASigner joseException = new RSASSASigner(rsaPrivateKey); jwsObject.sign(joseException); if(!jwsObject.getState().equals(com.nimbusds.jose.JWSObject.State.SIGNED)) { logger.error("Payload signing failed."); return null; } else { return jwsObject; } } catch (JOSEException var15) { logger.error("can\'t signAndEncrypt the payload", var15); return null; } } else { logger.error("empty or null content or Private key or public certificate is null"); return null; } }

Format/Example

Preparing payload:

String jwtBody = "{\n            \"iat\":\"" +                  DateTimeFormatter.RFC_1123_DATE_TIME.format(ZonedDateTime.now(ZoneId.of("GMT"))) + "\"\n} \n\n";

HashMap customHeaders = new HashMap();
customHeaders.put(v-c-merchant-id, merchantConfig.getMerchantID());

String jwsSignatureValue = sign(jwtBody, rsaPrivateKey, x509Certificate, customHeaders);

Generating JWT Token—Header, Payload, and Signature:

private sign(String content, PrivateKey privateKey, X509Certificate x509Certificate, Map<String, ? extends Object> customHeaders) {
    if(!this.isNullOrEmpty(content) && x509Certificate != null && privateKey != null) {
        String serialNumber = null;
        String serialNumberPrefix = "SERIALNUMBER=";
        String principal = x509Certificate.getSubjectDN().getName().toUpperCase();
        int beg = principal.indexOf(serialNumberPrefix);
        if(beg >= 0) {
                int x5cBase64List = principal.indexOf(",", beg);
                if(x5cBase64List == -1) {
                    x5cBase64List = principal.length();
                }

                serialNumber = principal.substring(beg + serialNumberPrefix.length(), x5cBase64List);
        } else {
                serialNumber = x509Certificate.getSerialNumber().toString();
        }
        ArrayList x5cBase64List1 = new ArrayList();
        try {
          x5cBase64List1.add(Base64.encode(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException var16) {
          logger.error("can\'t signAndEncrypt the payload", var16);
          return null;
        }

        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
        Payload payload = new Payload(content);
        JWSHeader jwsHeader = (new com.nimbusds.jose.JWSHeader.Builder(JWSAlgorithm.RS256)).customParams(customHeaders).keyID(serialNumber).x509CertChain(x5cBase64List1).build();
        JWSObject jwsObject = new JWSObject(jwsHeader, payload);

        try {
            RSASSASigner joseException = new RSASSASigner(rsaPrivateKey);
            jwsObject.sign(joseException);
            if(!jwsObject.getState().equals(com.nimbusds.jose.JWSObject.State.SIGNED)) {
                logger.error("Payload signing failed.");
                return null;
            } else {
                return jwsObject;
            }
        } catch (JOSEException var15) {
            logger.error("can\'t signAndEncrypt the payload", var15);
            return null;
        }
    } else {
        logger.error("empty or null content or Private key  or public certificate is null");
        return null;
    }
}

After Generating the Header

To authenticate requests, place the JSON web token in an HTTP heading in the format:

Authorization: Bearer {token string}

where the {token string} is the string without curly braces.