API Gateway then verifies the integrity of the JWT by using a public key that you upload via the JWT validation settings page.īased on your JWT claim configuration, API Gateway checks the token for presence of reserved and custom claims you specified as required. Your identity provider first signs a JWT by using a private key. This ensures the data in the JWT payload has not been modified by third parties. This behavior also contributes to improved security by allowing edge servers to filter out unauthorized requests before they can reach your origin infrastructure.ĪPI Gateway supports the use of RSA private/public key pairs for JWT signature verification.
#Json web token verification
Akamai verifies JWT signatures at the edge, which negates the need to go back to origin for verification and offloads your identity provider.
This immediate validation increases the scalability of your API and provides an overall faster client-server experience. You don't have to store session states on the server and load user information from a database or cache. JWTs are stateless, which means that incoming JWT requests can be validated on the spot. Ensures the proper identification of the request sender and protects the request from being tampered with. API Gateway supports the use of both pre-defined reserved claims and custom claims. Contains the actual statements represented as claims that two parties exchange. Contains information about the cryptographic operations applied to the JWT's header and payload. With Akamai, you can use JWTs to quickly identify and authorize API consumers who send requests to your API.Ī JWT contains information about an entity in the form of claims and combines three elements encapsulated in JSON objects: JSON web token is an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting JSON-encoded information between parties.
0 kommentar(er)
