How to create a JWT
In order to use Service accounts, you have to generate a JSON Web Token. Learn how to do that using CLI and a bash script.
Create a token
First, you need to create a service account with the UserManager role, then save the result value as a credentials.json file:
Next, create a token.sh file in the same folder with the following code. Note that the code uses a jq tool that is not a built-in command, so you have to install it manually (download jq here).
#!/usr/bin/env bash
credentials="${PWD}/credentials.json"
account_id=$(cat $credentials | jq -r ".result.account_id")
key_id=$(cat $credentials | jq -r ".result.key_id")
rsa_secret=$(cat $credentials | jq -r ".result.private_key")
timestamp() {
date +"%s"
}
test_payload=$( jq -n \
--arg iat "$(timestamp)" \
--arg iss "$account_id" \
--arg exp "$(($(timestamp)+3600))" \
'{
iat: $iat | tonumber,
iss: $iss | tonumber,
exp: $exp | tonumber
}'
)
set -o pipefail
header_template=$( jq -n \
--arg typ "JWT" \
--arg alg "RS256" \
--arg kid "$key_id" \
'{typ: $typ, alg: $alg, kid: $kid}'
)
b64enc() { openssl enc -base64 -A | tr '+/' '-_' | tr -d '='; }
json() { jq -c . | LC_CTYPE=C tr -d '\n'; }
rs_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2"); }
sign() {
local secret=$rsa_secret
algo=RS256
header=$header_template || return
payload=$test_payload
signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)"
sig=$(printf %s "$signed_content" | rs_sign "${algo#RS}" "$secret" | b64enc)
printf 'Authorization: Bearer %s.%s\n' "${signed_content}" "${sig}"
}
sign
You may need to do run chmod +x token.sh for the script to execute properly.
You can create a token.sh by downloading the script from our site:
curl https://voximplant.com/assets/images/2020/08/06/jwt.sh --output token.sh
How to use it
Now you can use in your JWT in CLI via curl with the -H key specified. For example, this is how you can request the first 20 users of the specified Voximplant application: