Legacy Gateways

Legacy Gateway Authentication

View as Markdown

JWT Bearer Token

All Legacy Gateways use JWT Bearer Authentication.

1

Generate key pair

Generate a private-public key pair.

2

Add private key to Moveworks

Add your private key & gateway information as a connector in Moveworks Setup.

3

Share public key

Share the public key with your Gateway team.

4

Automatic JWT signing

As part of every request, Moveworks will generate a JWT with the standard set of claims and sign it with the private key:

1{
2  "iss": "moveworks",
3  "aud": "https://your.gateway.com",
4  "iat": "1659540236",
5  "exp": "1659547436"
6}
5

Token sent in header

Moveworks will set the token in the auth header as Authorization: Bearer <token>.

6

Gateway verification

Your gateway can then decrypt the token with the public key, verify, and process the request.

See the starter code for an example.

  • Maximum TTL for a token is 2 hours
  • Signing algorithm: ES256 (ECDSA signature algorithm using SHA-256 hash algorithm) or RSA256