38.3 JWT Encryption Key

A JSON Web Token (JWT) is a JSON object that represents a set of information. On sign-in, the user is authenticated and a JWT is generated. This JWT is subsequently passed with each API call.

To keep sensitive information hidden from the bearer (client) or third parties, the JWT should be encrypted.

A single key can be used to encrypt the data: if the JWT is encrypted with the key, the data can be decrypted using the same key.
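
The single-key scheme described above, shown as an added example for Node.js that is not code from the product or its documentation. It assumes JWE direct encryption (alg "dir") with AES-256-GCM, which the page does not specify; the key, claims and helper names are constructed for illustration.

```javascript
// Added example (not product code): JWE compact serialization with a direct
// symmetric key. "dir" + "A256GCM" are assumed; the page names no algorithm.
const crypto = require("crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Encrypt a claims object into a five-part JWE: header..iv.ciphertext.tag
function encryptJwt(claims, key) {
  const header = b64u(JSON.stringify({ alg: "dir", enc: "A256GCM", typ: "JWT" }));
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every token
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(header, "ascii")); // header is authenticated, not encrypted
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), "utf8"), cipher.final()]);
  // With "dir" the encrypted-key part is empty, hence the double dot.
  return [header, "", b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join(".");
}

// Decrypt with the same key; throws if the key is wrong or the token was altered.
function decryptJwt(token, key) {
  const parts = token.split(".");
  if (parts.length !== 5 || parts[1] !== "") throw new Error("not a direct-key JWE");
  const [header, , iv, ct, tag] = parts;
  const { alg, enc } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
  if (alg !== "dir" || enc !== "A256GCM") throw new Error("unexpected algorithm");
  const tagBuf = Buffer.from(tag, "base64url");
  if (tagBuf.length !== 16) throw new Error("bad tag length"); // refuse truncated tags
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "base64url"));
  decipher.setAAD(Buffer.from(header, "ascii"));
  decipher.setAuthTag(tagBuf);
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, "base64url")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample data: a random 256-bit key and made-up claims.
const key = crypto.randomBytes(32);
const claims = { sub: "user-123", role: "retail", exp: 1900000000 };
const token = encryptJwt(claims, key);

// Flip the first character of the ciphertext part to simulate tampering.
function tamper(tok) {
  const p = tok.split(".");
  p[3] = (p[3][0] === "A" ? "B" : "A") + p[3].slice(1);
  return p.join(".");
}
// Returns true when decryption is rejected (wrong key or modified token).
function rejects(tok, k) {
  try { decryptJwt(tok, k); return false; } catch (e) { return true; }
}
console.log(token, decryptJwt(token, key), rejects(tamper(token), key));
```

Because the same key both encrypts and decrypts, anyone who obtains it can read and mint tokens, so it has to stay on the server side.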

Navigation Path:

From the System/Bank Administrator Dashboard, click Toggle Menu, then click Security. Under Security, click Security Keys.

To generate the security keys:

  1. Navigate to one of the above paths.
    The Security Keys screen appears.
  2. By default, the product applies no encryption to the password or to the JWT.
  3. If encryption needs to be enabled, the system administrator should generate the respective keys.
  4. Click Generate against the Public and Private Key Pair.
    The system generates the public and private keys.
  5. Click Generate against the JWT Encryption Key.
    The system generates the symmetric key for encryption.
  6. Click OK to complete the transaction.

    Note:

    The server must be restarted after key generation.