JWT

How to authenticate to the ZapSign API following the JWT flow.

What is JWT

JSON Web Tokens (JWTs) are an effective and secure way to authenticate between distinct entities.

By using the JWT-based authentication flow, you ensure greater security during the development of your application in a very straightforward manner!

How does this flow work?

The flow based on JWT operates through two fundamental types of tokens:

Access token

This is the token you will use to authenticate with our API. It will be associated with your user and the organization you specified and has an expiration time of 1 hour.

To obtain it, simply call the Get access token endpoint with your ZapSign user credentials.

This endpoint is the first step for authentication and will return both the access token and the refresh token, which will be explained below.

With these two tokens in hand, to authenticate yourself to ZapSign endpoints, simply place your access token in the "Authorization" header of the request, prefixed with "Bearer" and a space.

For example:

  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzA5ODIwMTQxLCJqdGkiOiIxMGM4YmVhOTkxNDM0ZGU5OWQxNmViMGE2ZTA3MTU1YyIsInVzZXJfaWQiOjEsInR5cGUiOiJwdWJsaWMifQ.GhMKXDyiidHrWCSmU3I9e6-zDm61mBmDqEavir4IW0c'
  },

Remember to replace the access token with your token obtained when calling the endpoint.

Refresh token

This token is used to keep your access token constantly updated and has an expiration time of 1 day.

Whenever your access token becomes invalid, 1 hour after its creation, you should use the refresh token to generate a new access token that will be valid for another 1 hour.

To do this, simply call the Refresh your access token endpoint, passing your current refresh token (obtained in the Get access token step).
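The sketch below is an added example, not ZapSign's own code. It shows one way a client can choose between reusing the access token, refreshing it, and logging in again by reading the `exp` claim. The `login` and `refresh` callables are hypothetical wrappers around the two endpoints named above, and it assumes the refresh token is also a JWT carrying `exp`.

```python
import base64
import json
import time

SKEW = 60  # seconds of margin so a token is not sent right at its expiry

# Sample access token copied from the header example on this page.
PAGE_TOKEN = ".".join([
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9",
    "eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzA5ODIwMTQxLCJqdGkiOiIxMGM4YmVhOTkxNDM0ZGU5OWQxNmViMGE2ZTA3MTU1YyIsInVzZXJfaWQiOjEsInR5cGUiOiJwdWJsaWMifQ",
    "GhMKXDyiidHrWCSmU3I9e6-zDm61mBmDqEavir4IW0c",
])


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature.

    Only for reading `exp` client-side; the API is what validates the token.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_fresh(token, now):
    """True if a token is held and its `exp` is more than SKEW seconds away."""
    return token is not None and jwt_claims(token)["exp"] - SKEW > now


class TokenManager:
    """`login` and `refresh` are hypothetical callables wrapping the
    "Get access token" and "Refresh your access token" endpoints:
        login() -> (access, refresh);  refresh(refresh_token) -> access
    Assumption: the refresh token is also a JWT with an `exp` claim.
    """

    def __init__(self, login, refresh, clock=time.time):
        self._login, self._refresh, self._clock = login, refresh, clock
        self.access = self.refresh_token = None

    def auth_header(self):
        now = self._clock()
        if not is_fresh(self.access, now):
            if is_fresh(self.refresh_token, now):  # within the 1-day window
                self.access = self._refresh(self.refresh_token)
            else:  # first call, or refresh token expired: credentials again
                self.access, self.refresh_token = self._login()
        return {"Authorization": "Bearer " + self.access}
```

Keep both tokens in memory or a secrets store rather than in logs or source control: anyone holding the refresh token can mint access tokens until it expires.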

Next steps

See how simple it is to ensure a more secure authentication method for your application?

Now that you have a better understanding of how the tokens in this flow work, follow the call examples provided in the next pages of this documentation to further facilitate the implementation process.
