JWT and token signing

Zlick requires a JWT as one of the function inputs. We do that to be able to verify the source of requests. More information about JSON Web Tokens can be found at jwt.io.

JWT tokens are signed with the client secret provided to you by the Zlick team. You must sign this token with the secret using the 'HS256' algorithm.

Important Note:

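JWT signing must only be done on your server, and you should never expose your client secret to the frontend. HS256 is a symmetric algorithm, so anyone who obtains the secret can sign tokens that verify as yours.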

JWT header

The header of the web token must be:

{
  "alg": "HS256",
  "typ": "JWT"
}

There are 2 types of payload supported:

Standard Payloads

Purchase Payload

{
  "contentId": "123", // (Required) Your content ID
  "amount": 20, // (Required) Purchase price in change (cents, cross, pennies etc.)
  "token": "clientToken", // (Required) client token provided by Zlick
  "clientUserId": "456", // Optional: Your own system's userID
  "referenceName": "ARTICLE-4076" // Optional: A reference name that will be visible for this product in Zlick Portal
}

Subscription Payload

{
  "productName": "123", // name of product that is configured on Zlick
  "token": "Token", // client token provided by Zlick
  "clientUserId": "456" // Optional: Your own system's userID
}
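
Server-side signing of the purchase payload, as an added example that is not Zlick's own code: it builds the header shown above, signs with HS256 using only Node's built-in crypto module, and includes a verifier to show that possession of the secret is all that is needed to produce an accepted token. The function names and the CLIENT_SECRET value are assumptions made for illustration.

```javascript
// Added example: runs on the server only; never ship the secret to the browser.
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed placeholder; load the real client secret from server-side config.
const CLIENT_SECRET = "example-client-secret-not-real";

// Header exactly as the page requires.
const HEADER = { alg: "HS256", typ: "JWT" };

const b64url = (value) => Buffer.from(value).toString("base64url");
const hmac = (secret, data) => createHmac("sha256", secret).update(data).digest();

// Sign a purchase payload after checking the fields the page marks as required.
function signPurchaseToken(secret, payload) {
  for (const field of ["contentId", "amount", "token"]) {
    if (payload[field] === undefined || payload[field] === null) {
      throw new Error(`missing required field: ${field}`);
    }
  }
  const signingInput = `${b64url(JSON.stringify(HEADER))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(secret, signingInput).toString("base64url")}`;
}

// Verify a token: pin the algorithm, recompute the HMAC, compare in constant time.
// Returns the payload object, or null if the token is not authentic.
function verifyToken(secret, jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    if (JSON.parse(Buffer.from(header, "base64url").toString("utf8")).alg !== "HS256") return null;
    const expected = hmac(secret, `${header}.${payload}`);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample values taken from the page's purchase payload.
const sampleToken = signPurchaseToken(CLIENT_SECRET, {
  contentId: "123", amount: 20, token: "clientToken", clientUserId: "456",
});
console.log(sampleToken);
```

A token whose payload is altered after signing, or that is signed with a different secret, fails verification and returns null.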