You must create a properly defined JSON Web Token to successfully use Automation APIs.
To prevent a third-party from attempting to intercept and reuse the JWT token, you must configure a Communication time-out interval when adding applications to the Automation API Access Settings screen. Upon receiving the API request, Apex Central compares the "Issued at" (iat) attribute to the time Apex Central received the request. If the request did not arrive before the configured time-out interval, Apex Central rejects the request with a 401 response code.
The following tables outline the required information that you must include in the Header and Payload sections of the JWT token.
|
Content |
Description |
|---|---|
|
alg |
The algorithm used to calculate the JWT checksum Supported algorithms:
|
| typ |
The type of JSON Web Token (JWT) Important:
Apex Central only accepts JSON Web Tokens (JWT). |
|
Content |
Description |
|---|---|
|
appid |
The Application ID of the third-party application obtained from the Automation API Access Settings screen |
|
iat |
The "Issued at" token generation time The generation time uses the Unix time stamp (number of seconds since Jan 01 1970 UTC) format. |
|
version |
The version of this JWT authorization token Important:
Apex Central only accepts "V1" JWT authorization tokens. |
|
checksum |
The checksum of the request |