JWT Validation

Centinel API will respond back with all requests in JWT form when able to.

Required Fields

Please note that each Claim key is case sensitive.

ClaimDescription
audMerchant jti Id - This is the 'jti' field from your request JWT echoed back. This field allows you to match up your request JWT with Cardinals response JWT.
jtiJWT Id - A unique identifier for this response JWT. This value is generated by Cardinal.
iatIssued At Time - This is a timestamp of when the JWT was created.
issIssuer - The request JWT's iss field echoed back.
ConsumerSessionIdThe unique session Id for the current user.
PayloadThe response object for your request. This field will contain any actual state information on the transaction. This is the decoded data object that is passed into the payments.validated event as the first argument.

JWT Payload Example

Below is an example of the JSON content of a basic response JWT Payload where we are passing an object within the Payload claim:

Below is an example of the JSON content of a basic response JWT Payload where we are passing a string within the Payload claim. This would occur when the request JWT included a ObjectifyPayload flag set to false:

Code Samples

Below are a code samples of how you can verify a JWT in a few languages

Validating a Response JWT in .NET

We recommend using an existing third party library to assist you in generating and validating JWTs. Some of our recommendations are:

JSON Web Token Handler - www.nuget.org

JWT - GitHub.com

The JWT.io website contains a list of additional approved libraries, with their feature sets. Check it out here.

Validating a Response JWT in Java

We recommend using an existing third party library to assist you in generating and validating JWTs. The JWT.io website contains a list of approved libraries, with their feature sets. Check it out here.

Validating a Response JWT in PHP

We recommend using an existing third party library to assist you in generating and validating JWTs. The JWT.io website contains a list of approved libraries, with their feature sets. Check it out here.