- Why do I receive a 401 Unauthorized when making an API request?
- Why are my API requests rejected with an authentication error?
If you are receiving an authentication error or a 401 Unauthorized HTTP response when trying to make an API request using JWT, then there is likely an issue with the JWT in your HTTP header.
To ensure that you are minting your JWT correctly, check if you are doing the following:
- Generating a valid IAT (issued at time)
- Using the correct application_id
- Using the correct private key associated to the application
Remember: The Private Key is generated only when the application is created using the Application API. This Private Key must be stored securely, as Nexmo does not store this.
If new public and private keys are generated using the Nexmo Dashboard, make sure to click on "Save changes" after the new Public Key and Private Key generation.
If you still experience issues with authenticating your request, we recommend creating a new application and using the new application_id and private key to mint your new tokens.
You can also check your JWT at jwt.io, where you can enter your token and secret to ensure the token is both valid and live.
If you experience issues with your established token, you may review your server synchronize time.
You can find information on how Nexmo uses JWTs for authentication in our documentation:
JSON Web Tokens (JWT)