# How to generate a JWT token

## Generate a temporary JWT-token

> Issues a temporary JWT-token for making authorized API requests. \
> A valid apiKey must be provided as a query parameter.\
> \
> How to obtain an apiKey:\
> \- In Sandbox, use POST \`/test-api-keys\` with a registered phone number \
> &#x20; from the Client Portal (EBC): <https://my.novapost.com/\\>
> \- In PROD, use your personal apiKey provided by your manager\
> \
> Usage:\
> \- Call GET \`/clients/authorization?apiKey={apiKey}\`\
> \- On success, copy the jwt from the response\
> \- Open the \*\*\[Authorize]\(<https://api.novapost.com/developers/index.html#auth)\\*\\>\* dialog in this documentation, select the \`JWT\` scheme, \
> &#x20; and paste the jwt\
> \- All Try-it-out requests will then automatically include \
> &#x20; \`Authorization: {jwt}\`\
> \
> Notes:\
> \- The jwt is valid for \~1 hour; request a new one after expiry\
> \- Do not store jwt beyond its TTL\
> \- The \`/test-api-keys\` route is not available in PROD\</br>\
> \
> 🔹\*\*Description of control elements:\*\*\
> \
> \*\*SCHEMA\*\*\</br>\
> Displays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\
> \- \*\*Single line description\*\*\</br>\
> &#x20; A description that fits into a single line; any text that does not fit remains hidden.\
> \- \*\*Multiline description\*\*\</br>\
> &#x20; An expanded description that displays more than one line of text.\
> \
> \*\*EXAMPLE\*\*\</br>\
> Shows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.<br>

```json
{"openapi":"3.0.0","info":{"version":"1.0.0"},"tags":[],"servers":[{"description":"sandbox","url":"https://api-stage.novapost.pl/v.1.0/"},{"description":"production","url":"https://api.novapost.com/v.1.0/"}],"paths":{"/clients/authorization":{"get":{"tags":["Authorization"],"summary":"Generate a temporary JWT-token","description":"Issues a temporary JWT-token for making authorized API requests. \nA valid apiKey must be provided as a query parameter.\n\nHow to obtain an apiKey:\n- In Sandbox, use POST `/test-api-keys` with a registered phone number \n  from the Client Portal (EBC): https://my.novapost.com/\n- In PROD, use your personal apiKey provided by your manager\n\nUsage:\n- Call GET `/clients/authorization?apiKey={apiKey}`\n- On success, copy the jwt from the response\n- Open the **[Authorize](https://api.novapost.com/developers/index.html#auth)** dialog in this documentation, select the `JWT` scheme, \n  and paste the jwt\n- All Try-it-out requests will then automatically include \n  `Authorization: {jwt}`\n\nNotes:\n- The jwt is valid for ~1 hour; request a new one after expiry\n- Do not store jwt beyond its TTL\n- The `/test-api-keys` route is not available in PROD</br>\n\n🔹**Description of control elements:**\n\n**SCHEMA**</br>\nDisplays the full technical structure of the request or response, including field names, data types, required fields, allowed values, and validation rules.\n- **Single line description**</br>\n  A description that fits into a single line; any text that does not fit remains hidden.\n- **Multiline description**</br>\n  An expanded description that displays more than one line of text.\n\n**EXAMPLE**</br>\nShows a ready-made sample JSON with correctly formatted values to demonstrate how a valid request or response should look.\n","parameters":[{"in":"query","required":true,"name":"apiKey","schema":{"type":"string"},"description":"To utilize this method, a personal API key is required."}],"responses":{"200":{"description":"JWT-token","content":{"application/json":{"schema":{"type":"object","properties":{"jwt":{"type":"string","description":"Personal JWT-token, expires after one hour to prevent any fraud, requiring a new request to generate a fresh token.","format":"json"}}}}}},"401":{"$ref":"#/components/responses/Unauthorized"},"422":{"$ref":"#/components/responses/Validation"},"503":{"$ref":"#/components/responses/Time-out"}}}}},"components":{"responses":{"Unauthorized":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Validation":{"description":"Validation error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Time-out":{"description":"Connection time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"schemas":{"Error":{"type":"object","properties":{"errors":{"type":"object","properties":{"":{"type":"string"}}}}}}}}
```

> The token is valid for 1 hour.\
> Once the token expires, you must send a new request to obtain a fresh token using the same API key.