Contents x
How to Set Up and Use JWT
  • 01 Nov 2021
  • 2 Minutes to read
  • Print
  • Dark
    Light
Contents
  This documentation version is deprecated, please click here for the latest version.

How to Set Up and Use JWT

  • Updated on 01 Nov 2021
  • 2 Minutes to read
  • Print
  • Dark
    Light
Article summary

Overview:

JWT (JSON Web Token) is a web token that is used to transfer information between two devices as a JSON Object. JWT (pronounced “jot”) is also a token format that uses a hashing algorithm to encrypt the header and payload data into one token. This token is then used to securely refer to the user context session as data that is transferred between the client and the server.

JWT Flow Steps

There are two JWT Flow steps located in the Steps panel under Integration -> Internal Services > AccountService

  1. Login and Get JWT Token
  2. Get Context From JWT Token

Login and Get JWT Token

  1. This Flow step takes in the username and password as inputs and uses the default shared key, located in the Portal settings, hashes that account information with the algorithm, and the secret key in the Portal settings which then outputs the token. 
  2. The Login And Get JWT Token uses the user login of an Account and then outputs. 
  3. Whichever Account is used to log in to the Portal can be the account to use for obtaining a token.

    How to Change JWT Secret Key

    This secret key can be changed by typing in a new key in the integration settings. It is found under System > Settings > Integration Settings.

    Get Context From JWT Token

  4. This Flow step takes in a JWT token as an input and then outputs five pieces of information:

SessionValue:The user session of the Account running the Flow.
ClientEventSessionId:Ties session updates to what is being seen on a browser page.
DisplayType:Refers to SilverLight, HTML, HTMLmobile, or HTMLtablet.
StudioPortal:This property will be set to true if the user Account is a studio user.
BrowserUserAgent:Refers to the string that browsers use to determine their behavior.

Get JWT Token In An API Call:

  1. To Access JWT token through API you need to make a call to the Account Service method “LoginAndGetJWTToken” like this:
    http://{BasePortalURL}/Decisions/Primary/REST/AccountService/LoginAndGetJWTToken?outputType=JSON&userName=admin@decisions.com&password=admin
  2. To find the base Portal URL, open a web browser. 
  3. The BasePortalURL will usually be the first two fields after the "http://" By default, decisions local installs will usually be "http://localhost/decisions" or "http://localhost" if it is a root install. 
  4. In production environments, it may be "https://YourCompanyDNSname.com/decisions" or "https://YourCompanyDNSname.com/" If it's a root install.   

  5. For local installs, this is how a call would look like: 

    JWTOVERVIEW1 (1).png

  6. Next, select the authorization header tab and input the following in the following fields:
    1. Type: “Bearer Token”
    2. Token: “Paste Your JWT Token Here”

JWTOVERVIEW1 (6).png

Calling APIs to run Flow/Rule/Report:

  1. Once you have the JWT token you can make the remaining calls to the services as follows:
  2. URL: http://{BasePortalURL}/Decisions/Primary/?FlowId={FlowId/ReportId/RuleId/TruthTableId}&Action=api&outputtype=JSON
  3. Http Header: Authorization: Bearer (JWT token)
  4. For instance, this is how a call to run a Flow with id f5cc8ed9-216e-11ea-888b-b42e996c6738looks like on the localhost.

    JWTOVERVIEW1 (5).png

Was this article helpful?
What's Next
Decisions
Resources
Organization
Connect