How to Set Up and Use JWT
  • 03 May 2021
  This documentation version is deprecated, please click here for the latest version.

Overview:

JWT (JSON Web Token) is a web token used to transfer information between two devices as a JSON object. JWT (pronounced “jot”) is also a token format that uses a hashing algorithm to encrypt header and payload data into one token. This token is then used to securely refer to the user context session in data that is transferred between the client and the server.

JWT Flow Steps

In Decisions, there are two JWT flow steps located in the Steps panel under Integration > Internal Services > AccountService:

  • Login and Get JWT Token
  • Get Context From JWT Token

Login and Get JWT Token

This flow step takes a username and password as inputs, hashes that account information with the algorithm and the default shared secret key located in portal settings, and outputs the token. The Login and Get JWT Token step uses the user login of a Decisions user account. Whichever account is used to log in to the Decisions portal can be the account to use for

JWTOVERVIEW1 (2).png

How to Change JWT Secret Key

This secret key can be changed by typing in a new key in portal settings found under System > Settings > Portal Settings.

JWTOVERVIEW1 (4).png
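
The signing step and the secret-key change described above, as an added example (not Decisions' own code). It assumes a standard HS256 (HMAC-SHA256) JWT, which this page does not confirm; the key values and the `sub`/`sid` claim names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_jwt(token: str, key: bytes):
    """Return the claims if the signature is valid under key, else None."""
    try:
        head_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(head_seg))
        sig = b64url_decode(sig_seg)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # Pin the algorithm; do not let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{head_seg}.{payload_seg}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return None
    return json.loads(b64url_decode(payload_seg))

# Constructed sample values (assumptions, not real Decisions keys or claims).
OLD_KEY = b"constructed-old-portal-key"
NEW_KEY = b"constructed-new-portal-key"
CLAIMS = {"sub": "admin@decisions.com", "sid": "constructed-session-id"}

def demo() -> dict:
    token = sign_jwt(CLAIMS, OLD_KEY)
    head, payload, sig = token.split(".")
    edited = b64url(json.dumps({**CLAIMS, "sub": "other@example.com"}).encode())
    return {
        "readable_without_key": json.loads(b64url_decode(payload)),
        "valid_before_change": verify_jwt(token, OLD_KEY),
        "valid_after_change": verify_jwt(token, NEW_KEY),
        "edited_payload": verify_jwt(f"{head}.{edited}.{sig}", OLD_KEY),
    }
```

In a token of this shape the payload is only base64url-encoded, so it can be read without the key, and a token issued under the old key stops verifying once the key is changed.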


Get Context From JWT Token

This flow step takes in a JWT token as input and then outputs five pieces of information:

JWTOVERVIEW1 (3).png

  • SessionValue: The user session of the account running the flow.
  • ClientEventSessionId: Ties session updates to what is being seen on a browser page.
  • DisplayType: Refers to SilverLight, HTML, HTMLmobile, or HTMLtablet.
  • StudioPortal: Set to true if the user account is a studio user.
  • BrowserUserAgent: Refers to the string that browsers use to determine their behavior.

Get JWT Token In An API Call:

To access a JWT token through the API, make a call to the Account Service method “LoginAndGetJWTToken” like this:

http://{BasePortalURL}/Decisions/Primary/REST/AccountService/LoginAndGetJWTToken?outputType=JSON&userName=admin@decisions.com&password=admin

To find your base portal URL, open a web browser. The 'BasePortalURL' will usually be the first two fields after the "http://". By default, Decisions local installs will usually be "http://localhost/decisions", or "http://localhost" if it is a root install. In production environments, it may be "https://YourCompanyDNSname.com/decisions", or "https://YourCompanyDNSname.com/" if it is a root install.

For local installs, this is what a call looks like:

JWTOVERVIEW1 (1).png

Next, select the authorization header tab and enter the following values:

  • Type: “Bearer Token”
  • Token: “Paste Your JWT Token Here”

JWTOVERVIEW1 (6).png

Calling APIs to run Flow/Rule/Report:

Once you have the JWT token, you can make the remaining calls to the services as follows:

  • URL: http://{BasePortalURL}/Decisions/Primary/?FlowId={FlowId/ReportId/RuleId/TruthTableId}&Action=api&outputtype=JSON
  • Http Header: Authorization: Bearer (JWT token)

For instance, this is what a call to run the flow with id f5cc8ed9-216e-11ea-888b-b42e996c6738 looks like on localhost:

JWTOVERVIEW1 (5).png


