Skip to main content
New protocol version released: This page may contain outdated information.
Secure your HAIP applications with robust JWT authentication. Learn how to implement token-based security, manage authentication state, and follow security best practices for production deployments. The HAIP SDK uses JWT (JSON Web Token) Bearer token authentication for secure communication with HAIP servers.

JWT Authentication

Token Format

HAIP uses standard JWT tokens with the following structure:

Token Components

A JWT token consists of three parts:
  1. Header: Contains the algorithm and token type
  2. Payload: Contains claims (user data, permissions, etc.)
  3. Signature: Verifies the token’s authenticity

Example Token Payload

Setting Up Authentication

Basic Authentication

Environment Variables

Store your authentication token securely using environment variables:

Dynamic Token Management

For applications that need to refresh tokens or use different tokens:

Token Validation

Parsing JWT Tokens

Use the SDK’s utility functions to parse and validate tokens:

Token Validation Example

Error Handling

Authentication Errors

Handle authentication-related errors:

Token Refresh Strategy

Implement automatic token refresh:

Security Best Practices

Token Storage

✅ Secure Storage Methods:
❌ Avoid:

Token Rotation

Implement token rotation for enhanced security:

Network Security

Use Secure Connections:
Certificate Validation:

Permission-Based Access

Channel Permissions

Check channel permissions before sending messages:

Run Limits

Enforce run limits based on token permissions:

Testing Authentication

Mock Authentication

For testing purposes, create mock tokens:

Authentication Testing

Next Steps

Client API

Learn about the client interface and methods.

Examples

See practical examples of authentication usage.

Error Handling

Understand error handling and recovery.

API Reference

Full API reference documentation.