Symptom
The request is rejected with a 401 Unauthorized authentication error when making an API request.
Applies To
- Application API
- API Requests
- JSON Web Token (JWT)
Resolution
To ensure that you are minting your JSON Web Token (JWT) correctly, ensure that you are doing the following:
- Generating a valid IAT (issued at time)
- Using the correct application_id
- Using the correct private key associated to the application
Remember: The Private Key is generated only when the application is created using the Application API. This Private Key must be stored securely, as Vonage does not store this. The Private Key should not contain any return characters.
If new public and private keys are generated using the Vonage API Account Dashboard, click Save Changes after the new Public Key and Private Key generation. For some older versions of applications, an extra step of updating the private setting is mandatory before the Save can be done. If this is not done, the new public and key pair are not saved, and you will still encounter an Invalid token issue.
The steps to mint new key pair - Go to Applications --> Edit.
Step1:
Step2: Update privacy setting for the application (may not be required if it is already filled in)
Step 3: Save Changes
Once Saved, the page should take you back to your application view.
You can validate the key pair by running the command openssl rsa -pubout -in private.key. This will return the public key, which can be validated with the public key available in the application settings.
If you still experience issues authenticating your request, creating a new application and using the new application_id and Private Key to mint your new tokens is recommended.
You can check your JWT at jwt.io. Enter your token and public key to ensure the token is valid and live.
Review your server synchronise time if you experience issues with your established token.
Cause
This usually occurs when there is an issue with the JWT in the HTTP header.
Additional Information
Do also refer to this youtube video.
https://www.youtube.com/watch?v=h7c0dHcmG40
For more information on how Vonage APIs use JWTs for authentication, see our developer guide on Authentication using JSON Web Tokens (JWT).
Articles in this section
- How do I update my profile name?
- What should I do if I didn't receive the team member invitation email?
- Dashboard domain for China customers
- How to troubleshoot network issues when sending API requests
- How do I update my Account Company Information and Address?
- Best practices for webhook/callback URL
- How to change your email address on the unified account?
- Can Secondary API key users see numbers shared in the Customer Dashboard view?
- What is the difference between Vonage Video API and Meetings API?
- How do I update the phone number in my Vonage API account dashboard?