Developer Guide
Getting Started
Voice
SMS and Fax
Team Messaging
Video
Webinar
Analytics
Artificial Intelligence
Accounts and Users
Using the API
Applications
Authentication
Authentication
Choosing the best auth
JWT grant type
Troubleshooting
Auth code grant type
Using access tokens
Using refresh tokens
App scopes
Technical deep-dives
Events and notifications
Downloads and SDKs
RingCentral Labs
API Reference

Troubleshooting JWT authentication

Last updated: 2025-03-21Contributors
Edit this page

JWT tokens are NOT presented in an HTTP Authorization header

A JWT is not a session-level credential used with every API call. Instead, JWT credentials are used to request OAuth access tokens. Only access tokens can be used in an HTTP Authorization header as a session-level credential to authorize the particular API call.

Setting the right access for a JWT

For heightened security, JWTs can be restricted to be used by a select group of apps. This is especially useful when you wish to exchange your JWT with a third party. However, if you intend a JWT to be used exclusively to call apps within your own organization, we recommend selecting the access option of, "All apps belonging to my organization."

JWTs and auth expiration

The expiration of a JWT credential should not be confused with the expiration of the OAuth access token that a JWT helps create. A JWT can be optionally configured to never expire. However, the same is not true for access tokens. Access tokens will always expire eventually. When that happens, a JWT can be used to quickly and easily generate a new access token to call the API.

Contents

Rate this page:

© 2025 RingCentral, Inc. All rights reserved.