When making an API request, the request is rejected with a 401 Unauthorized authentication error.
- Voice API
- API Requests
- JSON Web Token (JWT)
To ensure that you are minting your JSON Web Token (JWT) correctly, ensure that you are doing the following:
- Generating a valid IAT (issued at time)
- Using the correct application_id
- Using the correct private key associated to the application
Remember: The Private Key is generated only when the application is created using the Application API. This Private Key must be stored securely, as Vonage does not store this.
If new public and private keys are generated using the Vonage API Account Dashboard, make sure to click Save Changes after the new Public Key and Private Key generation.
If you still experience issues with authenticating your request, it's recommended to create a new application and use the new application_id and Private Key to mint your new tokens.
You can check your JWT at jwt.io. Enter your token and secret to ensure the token is both valid and live.
If you experience issues with your established token, review your server synchronize time.
This usually occurs when there is an issue with the JWT in the HTTP header.
For more information on how Vonage APIs use JWTs for authentication, see our developer guide on Authentication using JSON Web Tokens (JWT).