Security Token Details

Enterprise REST API > Authentication Framework > Overview > Security Token Details

For the Jack Henry Enterprise APIs, the security token format will be a JSON Web Token (JWT), which is a coded and signed compilation of JSON documents, and in the form of a ‘value’ token (that is generated by an OpenID Connect token provider.

The JWT (pronounced ‘jot’) will be used as a mode of trust between the caller, the token server, and the relying party (service).

JWTs also can be passed as part of a request payload as needed to identify entities other than the caller in an ‘on behalf of’ transaction.

Since Jack Henry Enterprise callers are traditionally other services and not people, the token sent to access the service will not always be the token of the ‘person at keyboard’ (PAK).

This behavior and identity flow are almost identical to the current SAML identity flow used in the current JH SOAP API implementation.

Have a Question?

Have a how-to question? Seeing a weird error? Get help on StackOverflow.

Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.

Last updated Thu Jul 14 2022