***

title: Legacy Gateway Authentication
description: JWT Bearer Token authentication for Moveworks Legacy Gateways
--------------------------------------------------------------------------

## JWT Bearer Token

All Legacy Gateways use JWT Bearer Authentication.

<Steps>
  <Step title="Generate key pair">
    Generate a private-public key pair.
  </Step>

  <Step title="Add private key to Moveworks">
    Add your private key & gateway information as a connector in Moveworks Setup.
  </Step>

  <Step title="Share public key">
    Share the public key with your Gateway team.
  </Step>

  <Step title="Automatic JWT signing">
    As part of every request, Moveworks will generate a JWT with the standard set of claims and sign it with the private key:

    ```json
    {
      "iss": "moveworks",
      "aud": "https://your.gateway.com",
      "iat": "1659540236",
      "exp": "1659547436"
    }
    ```
  </Step>

  <Step title="Token sent in header">
    Moveworks will set the token in the auth header as `Authorization: Bearer <token>`.
  </Step>

  <Step title="Gateway verification">
    Your gateway can then decrypt the token with the public key, verify, and process the request.
  </Step>
</Steps>

See the [starter code](https://github.com/moveworks/gateway/blob/main/starter-code/legacy%20gateways/form_gateway_sample.py) for an example.

<Note>
  * Maximum TTL for a token is **2 hours**
  * Signing algorithm: **ES256** (ECDSA signature algorithm using SHA-256 hash algorithm) or **RSA256**
</Note>