Guides
  1. Getting Started

JWT Generation

Create signed JWT tokens for API authentication

Every API request must include a signed JWT (JSON Web Token) in the Authorization header.

JWT Requirements

The JWT must contain:

ClaimDescription
issYour API Key (issuer)
iatCurrent UTC timestamp in seconds (issued at)

The token must be signed using:

  • Your private RSA key
  • The RS512 algorithm (RSA with SHA-512)

Python Example

"""
Requirements:
  pip install python-jose

The .pem file is the Private Key generated during setup.
The 'iss' value is the API Key provided by Lirium.
"""

from jose import jwt
from datetime import datetime, timezone

def create_jwt():
    with open("your_private_key.pem", "r") as f:
        private_key = f.read()

    payload = {
        "iss": "your_api_key",
        "iat": int(datetime.now(timezone.utc).timestamp()),
    }
    return jwt.encode(payload, private_key, algorithm="RS512")

Example JWT

For an API Key of 9de362f4d69d484c9a1af12d610f1caa, the generated JWT would look like:

eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI5ZGUzNjJmNGQ2OWQ0ODRjOWExYWYxMmQ2MTBmMWNhYSIsImlhdCI6MTU5ODk3ODQ5Nn0.jhQbmEObzj4NhkAxEFp-MIE4QDesLpVgyi8ZUowW7aAFJX8OHsGMrC4Kib4N8_XqAiHs39qrinLrcwIQh3XHNLC5a4LAWARq1ZK0y72FbT3f_hvjEeui5P0VqfwDe27VPfW9fXilaXpzmlW8bDY2sZNO5dddqVZuZubpPYsJvgRcK8_Lsv9hSDfQHULH5DxB0E-iGkuLxXOk1R-Stvj4NamGmAphvV0f9V31viTqvqV0JEaSNzcgwVPCFsooI2J6xFj_lMBIOtLwCluO8hnK9-WSbBaeqTCiq9p4JA31rAcwzNnEpkQ0CeDia-3VjMgp_sXSO3hnJbGKNMqTzhLO0Rxiy-rUIB9j81hzqgD3rGC7uZi46pSHjNZAExRac6EtSiBQXOmplb1UYeg5mMU91zg75PH5PPHYmxx6W9nNmv_-qOb-osQVnOl1mzEVfakB8PhCBIX1jUlHRO4110DXnqzESx-MuiJLt3KAs0OPM95maUScggIBvTBSCx5HE5tIhmOAZ1IjneLj2kGq-W44IxRQdImfar104_Xsxw5e5fkZEqm-Hcdo5m51xa_vZ1LQQ2p-n8Sa32-dLsDz-Kq9YZGp633XCoJ6S82ITjjLmSbazy1-YOgsGU3JZ9kWibcwss6-5Xdn7nZBcSRtrSUsuYDQejDTryhNkhLfvFYNKho

Using the JWT

Include the JWT in every API request as a Bearer token in the Authorization header:

Authorization: Bearer <your-jwt-token>

cURL Example

curl -X GET "https://api.lirium-sandbox.com/v1/partner" \
  -H "Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json"

Token Expiration

JWTs should be generated fresh for each request or batch of requests. While tokens don't have a strict expiration, using the current timestamp in iat ensures tokens are valid and not reused inappropriately.

Updated 28 days ago