Skip to main content

Overview

JWT Tokens is an optional feature to add additional authentication security to our client.identify() method to prevent user impersonation.
1

Enable JWT Tokens in your console

Go to https://console.velt.dev and enable the toggle for Require JWT Token. The toggle is listed at the very bottom of the page.
JWT Tokens won’t work unless you enable it in your console.
2

Create a server endpoint for generating and sending JWT Tokens to the client

Create a server endpoint that will be used to generate and send a JWT Token to the client.Example server endpoint code:
3

Generate a JWT Token using Velt's REST API

In your server endpoint, call our https://api.velt.dev/v1/auth/token/get endpoint to generate a JWT Token.Example server code:

Request Body:

To get your Auth Token that is required for your request body, read here.

Success Response:

Failure Response:

Make sure to generate the JWT Token from your server, not your client. Otherwise, your JWT Token will not be secure.
4

Call your server endpoint from your client to pass your JWT Token to your client

Call your server endpoint from your client to pass your JWT Token to your client.
5

Pass the JWT Token to identify()

Once the JWT Token is generated, you can pass it into the client.identify() method. The client.identify() method has an optional second parameter that takes in a configuration object that includes the JWT Token as a field.
6

Refresh the JWT Token

The JWT token has the following lifecycle:
  • Tokens expire after 48 hours from generation
  • When a token expires, Velt emits a token_expired error event
  • Your application should:
    1. Subscribe to the error event to detect expired tokens
    2. Generate a new token via your server endpoint when expiry occurs
    3. Call identify() with the fresh token to re-authenticate the user
Using Hook:
Using API:
7

Your All Done!

You are all done! Now you have added an additional level of security with JWT Tokens.