# How to generate a JSON Web Token (JWT) for the signature generation API endpoint

## Overview

In order to pass the identity of the merchant to the 2Checkout Signature Generation API endpoint, you need to generate a valid JSON Web Token (JWT). This is an Internet standard for creating JSON-based access tokens that assert some number of claims.

The <https://jwt.io/> website allows you to decode, verify, and generate JSON Web Tokens.

{% hint style="warning" %}
JWTs are credentials, which can grant access to resources. Be careful where you paste them!
{% endhint %}

## Generate a merchant JWT

To generate a merchant JWT, follow the steps below:

1. Before generating a JWT, you need to copy the Buy-link Secret Word from your Merchant Control Panel. Log in to your Control Panel and navigate to *Integrations > Webhooks & API >* [*Secret word*](https://secure.2checkout.com/cpanel/webhooks_api.php) *section*.
2. Copy the string from the Buy-link Secret Word field to the clipboard.
3. Navigate to the [https://jwt.io](https://jwt.io/) website and start generating the JWT token.
   * In the **Debugger** section, you need to input data into the sections highlighted in this image.<br>

     <div data-with-frame="true"><figure><img src="/files/Svxh9GxlbjlnkvMk9bQZ" alt=""><figcaption></figcaption></figure></div>
   * The data in the **HEADER** section identifies which algorithm and token type are used to generate the signature. For your JWT token, use **HMAC-SHA-512 (HS512)** and token type **JWT**:
     * alg: HS512 (string, required) - signing algorithm;
     * typ: JWT (string, required) - token type;<br>

       ```json
       {
        "alg" : "HS512",
        "typ" : "JWT"
       }
       ```
   * The **PAYLOAD** section contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. For your JWT, use the following claims:
     * sub: MERCH\_CODE (string, required) - subject, the merchant code to which the token refers;
     * iat: 1580915730 (string, required) - issued at, must be the current time as a UNIX timestamp;
     * exp: 1580915730 (string, optional) - expiration time, must be a UNIX timestamp in the future.\
       \
       If the expiration time (exp) is not provided, the JWT token expiration time will be calculated from **iat + 30 minutes**.

       All the other fields/claims will be ignored.<br>

       ```json
       {
         "sub": "MERCH_CODE",
         "iat": 1580912768,
         "exp": 1580916205
       }
       ```
   * In the **VERIFY SIGNATURE** section, you calculate the signature. This is calculated by encoding the **header** and **payload** using **Base64url** encoding and concatenating the two values with a period separator. Then run the resulting string through the cryptographic algorithm specified in the header, which in this case is **HMAC-SHA512**.
   * For your JWT token, replace the **\<Buy link secret word>** from the example below with your **Buy-link Secret Word** from step 1.<br>

     ```text
     HMACSHA512(
       base64UrlEncode(header) + "." +
       base64UrlEncode(payload),
       <Buy link secret word>
     )
     ```
   * You will get the JWT token:<br>

     ```text
     eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJz...z0ZY6L6T1GvlOHiptgOQ
     ```
4. Use this JWT token in the future to pass your identity as a merchant to the 2Checkout Signature Generation API endpoint.
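
The same header, claims and HS512 signature can be produced locally with the Python standard library, so the Buy-link Secret Word never has to be pasted into a website. This is an added example, not 2Checkout's code: the function names are hypothetical, the secret shown in usage is a constructed placeholder, and `verify_merchant_jwt` is only a local self-check, not the endpoint's validation logic.

```python
import base64
import hashlib
import hmac
import json
import time

DEFAULT_LIFETIME = 30 * 60  # page default: exp = iat + 30 minutes


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str, secret_word: str) -> bytes:
    return hmac.new(secret_word.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha512).digest()


def make_merchant_jwt(merchant_code, secret_word, iat=None, lifetime=DEFAULT_LIFETIME):
    """Build header.payload.signature with the claims the page lists."""
    iat = int(time.time()) if iat is None else int(iat)
    header = {"alg": "HS512", "typ": "JWT"}
    payload = {"sub": merchant_code, "iat": iat, "exp": iat + lifetime}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    return signing_input + "." + b64url(sign(signing_input, secret_word))


def verify_merchant_jwt(token, secret_word, now=None):
    """Local self-check: return the claims, or raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, payload = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
        sig, alg = b64url_decode(s), header["alg"]
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS512":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, sign(f"{h}.{p}", secret_word)):
        raise ValueError("bad signature")
    now = int(time.time()) if now is None else now
    if now >= payload.get("exp", payload.get("iat", 0) + DEFAULT_LIFETIME):
        raise ValueError("token expired")
    return payload
```

Call `make_merchant_jwt("MERCH_CODE", secret_word)` with the secret read from an environment variable or secret store rather than hard-coded in source.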


