REST API
      Back to home
      1. Wowza Technical Support FAQ
      2. Wowza Video
      3. REST API

      How to Authenticate with JSON Web Tokens (JWT) Instead of an API Key

      Switching from API key authentication to JSON Web Tokens (JWT) enhances the security of your Wowza Video API interactions. This guide will walk you through the steps to authenticate using JWT.

      Why is Wowza Video Transitioning from API Keys to JWT for Authentication?

      A: JSON Web Tokens (JWT) offer enhanced security and versatility for several reasons:

      • Verifiable and Trustworthy: JWTs are digitally signed, ensuring the information is secure and reliable.
      • Versatile Authentication: JWTs allow the creation of both System Access Tokens and Personal Access Tokens.
      • Modern Security Standards: JWT adheres to contemporary security protocols.
      • Enhanced Security Across Wowza Properties: JWT provides added security across all Wowza services, unlike the Cloud-only API Key.

      JWT-based authentication is now available in the beta version (1.8) of the API. During the transition period, you can authenticate using either API keys or JWT. However, we recommend updating your integrations to use JWT as soon as possible.

      How to Authenticate with JWT

      1. Create a Personal Access Token:

        • Generate the JWT in the Token Management portal. You can also access this portal from the Access Key page in Wowza Video.
        • Choose between a personal token or system token. System token allow you to assign different roles to team members.

      2. Use the Token in API Requests:

        • Include the generated token as a bearer token in the Authorization header of your REST API requests: 
          Authorization: Bearer <your-jwt>

      Using Environment Variables

      For convenience, we use environment variables in the curl API request examples for Wowza Video. This makes it easier to copy, paste, and run commands in your Terminal or Command Prompt window. Note that the variable syntax may differ depending on your operating system. You can set environment variables like this, depending on your operating system:

      Linux or macOS:

      export WV_JWT="your token here"
      export WV_HOST="https://api.video.wowza.com"
      export WV_VERSION="v1.8"

      Windows:

      set WV_JWT=your token here
      set WV_HOST=https://api.video.wowza.com
      set WV_VERSION=v1.8

      After setting values for the environment variables, you can copy and paste API request examples into your Terminal or Command Prompt. You'll still need to substitute resource IDs and update parameter values, where appropriate.

      Sample Request:

      curl -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <JWT>" \
      -d '{
         "transcoder": {
           "billing_mode": "pay_as_you_go",
           "broadcast_location": "us_west_california",
           "buffer_size": 4000,
           "delivery_method": "push",
           "low_latency": true,
           "name": "MyABRtranscoder",
           "protocol": "rtsp",
           "transcoder_type": "transcoded"
         } 
      }' "${WSC_HOST}/api/beta/transcoders"

      Using a GUI-based REST API client:

      After creating your token, you can easily set up a variable in Postman named “token” and assign your token value to it. This setup will enable you to create REST API calls and manage your live streams seamlessly. Please see this article for more information on how to use the Wowza Video REST API and JWT.

      Additional Resources

        Generate a personal access Token (JWT)

        Full library of Wowza Video documentation