Symptom
The request is rejected with a 401 Unauthorized authentication error when making an API request.
Applies To
- Application API
- API Requests
- JSON Web Token (JWT)
Resolution
To ensure that you are minting your JSON Web Token (JWT) correctly, ensure that you are doing the following:
- Generating a valid IAT (issued at time)
- Using the correct application_id
- Using the correct private key associated to the application
- Check if there's any IP address whitelisting configured
Remember: The Private Key is generated only when the application is created using the Application API. This Private Key must be stored securely, as Vonage does not store this. The Private Key should not contain any return characters.
If new public and private keys are generated using the Vonage API Account Dashboard, click Save Changes after the new Public Key and Private Key generation. For some older versions of applications, an extra step of updating the private setting is mandatory before the Save can be done. If this is not done, the new public and key pair are not saved, and you will still encounter an Invalid token issue.
The steps to mint new key pair - Go to Applications --> Edit.
Step1:

Step2: Update privacy setting for the application (may not be required if it is already filled in)

Step 3: Save Changes
Once Saved, the page should take you back to your application view.
You can validate the key pair by running the command openssl rsa -pubout -in private.key. This will return the public key, which can be validated with the public key available in the application settings.
If you still experience issues authenticating your request, creating a new application and using the new application_id and Private Key to mint your new tokens is recommended.
You can check your JWT at jwt.io. Enter your token and public key to ensure the token is valid and live.
Review your server synchronise time if you experience issues with your established token.
Cause
This usually occurs when there is an issue with the JWT in the HTTP header.
Additional Information
Do also refer to this youtube video.
https://www.youtube.com/watch?v=h7c0dHcmG40
For more information on how Vonage APIs use JWTs for authentication, see our developer guide on Authentication using JSON Web Tokens (JWT).
Articles in this section
- How to Release an Existing Email Address for Reuse on Vonage Dashboard
- Can I invite a team member who already has a Vonage account?
- Not Receiving Password Reset Email – Vonage API Dashboard
- How many team members can I invite per day on the dashboard?
- How to set up TOTP Authentication for 2FA verification on the Vonage API dashboard.
- Are there countries where Vonage API does not operate?
- What do the parameters returned from the Dimension changed event from a session in Inspector tool mean?
- How can I add new users to receive emails for account alerts and notifications?
- What is a Secondary API Key?
- Receiving 2FA codes via phone for Vonage Dashboard login