# Authentication using JWT For server-side applications where you can keep API keys secure, follow our [Authentication](/docs/guides_general/authentication) guide. For your client-side applications, we recommend using a JWT to securely authenticate. Following this guide to generate a JWT for your application. note Depending on the path you choose for integration, there is a different set of instructions. Refer to our [integration paths](/docs/guides_general/integration_paths) for more details. ## Generate a JWT for an eCommerce store If you have an eCommerce store that you want to add shipping to, you can generate a JWT using your own Shippo API key. Follow this example that uses the `embedded/authz/` endpoint to create a JWT. ``` curl --location --request POST 'https://api.goshippo.com/embedded/authz/' \ --header 'Authorization: ShippoToken ' \ --header 'Content-Type: application/json' \ --data-raw '{ "scope": "embedded:carriers" }' ``` ```json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "expires_in": "1682364890" } ``` The `token` is the JWT and `expires_in` is a unix timestamp representing when the token expires. ## Generate a JWT for a white label integration If you have not already, review our guide on [Shippo Platform accounts](/docs/platformaccounts/platform_accounts). You must have a Platforms account to create and use Managed Shippo Accounts. If you do not know your customer's Shippo Account ID, refer to this guide to [retrieve your user's Shippo Account ID](/docs/shippingelements/auth#1-retrieve-your-users-shippo-account-id). To generate a JWT for a Managed account, call the `embedded/authz/` endpoint and set the `object_id` of your customers Shippo Account ID to the `SHIPPO-ACCOUNT-ID` in the header of the call. ``` curl --location --request POST 'https://api.goshippo.com/embedded/authz/' \ --header 'Authorization: ShippoToken ' \ --header 'SHIPPO-ACCOUNT-ID: e0b382dc7d754c0ca6358c09d5d2bdf7' \ --header 'Content-Type: application/json' \ --data-raw '{ "scope": "embedded:carriers" }' ``` ```json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "expires_in": "1682364890" } ``` The `token` is the JWT and `expires_in` is a unix timestamp representing when the token expires. ## Generate a JWT for a gray label integration If you have not already, follow the steps in our [guide to request your OAuth key](/docs/oauth_integrations/oauth) and get access to a Bearer Token. There are 2 ways you can generate your own JWT for gray label integration. ### 1. Direct Authorization API ``` curl --location --request POST 'https://api.goshippo.com/embedded/authz/' \ --header 'Authorization: Bearer \ --header 'Content-Type: application/json' \ --data-raw '{ "scope": "embedded:carriers" }' ``` ```json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "expires_in": "1682364890" } ``` The `token` is the JWT and `expires_in` is a unix timestamp representing when the token expires. ### 2. User Server Side Remote Procedure Call to generate JWT ```shell service user { rpc DirectAuthorization(DirectAuthorizationRequest) : DirectAuthorizationResponse } message DirectAuthorizationRequest { context requestor: // integration user id requested_subject: // alice's id token_type: 'jwt' } ``` ``` message DirectAuthorizationResponse { token: // encoded jwt expires: //unix timestamp representing when the token expires } ``` The `token` is the JWT and `expires_in` is a unix timestamp representing when the token expires. ## Use your JWT JWT works the same as an API token. To test your generated JWT, call the [list all carrier parcel templates](/shippoapi/public-api/carrier-parcel-templates/listcarrierparceltemplates) endpoint. Remember to replace `` with the token you have generated. ``` curl --location --request GET https://api.goshippo.com/parcel-templates \ --header 'Authorization: JWT ' \ --header 'Content-Type: application/json' ``` ``` [ { "name": "FedEx® Small Box (S1)", "token": "FedEx_Box_Small_1", "carrier": "FedEx", "is_variable_dimensions": false, "length": "12.375", "width": "10.875", "height": "1.5", "distance_unit": "in" } ] ```