Action Required: Update Your JWT Configuration for Enhanced Security Action Required: Update Your JWT Configuration for Enhanced Security

Action Required: Update Your JWT Configuration for Enhanced Security

Vonage API Support

We are recommending stricter JWT ACL list authentication requirements for all applications.

  • New Requirement: Client-side JWTs must include properly configured Access Control Lists (ACLs) that specify only the API paths your application actually uses
  • Security Recommendation: This follows the principle of least privilege, limiting access to only required resources
  • Performance Benefit: Reduced token scope improves authentication speed and security

Applies To

Cause

Your JWT tokens are using overly broad access permissions ("/**/applications/***": {}) that could allow unauthorized access to your applications.

Action Required
Please update your JWT ACL to use specific, limited permissions instead of wildcard patterns. 

For example:

  • Remove "/**/applications/***": {}
  • In ACL list use only the paths that are needed to perform operation 

Next Steps

  1. Review your current JWT configuration
  2. Update ACL permissions to be more restrictive
  3. Test the changes in your development environment first

Overly permissive tokens are allowed to access your accounts in intended ways.

Additional Information