Skip to main content
POST
/
:projectId
/
api
/
v7
/
crypto
/
sign-testing-jwt
Sign Testing JWT
curl --request POST \
  --url https://api.replyke.com/api/v6/:projectId/api/v7/crypto/sign-testing-jwt \
  --header 'Content-Type: application/json' \
  --data '
{
  "privateKey": "<string>",
  "payload": {},
  "projectId": "<string>"
}
'
Signs a short-lived JWT (5 minutes) using your project’s RSA private key. Use this during development to generate tokens for testing external auth without needing to implement JWT signing in your test environment.
Never use this endpoint in production. It requires your RSA private key in the request body, which must be kept secret. Use it only in local development or CI environments.

Body Parameters

privateKey
string
required
Your RSA private key encoded as a Base64 string. This is the private key associated with the public key configured in your project’s external auth settings.
payload
object
required
The JWT payload. Must include at least an id field (the user’s ID in your system). All fields are included in the userData claim.
{
  "id": "user-123",
  "email": "alice@example.com",
  "name": "Alice"
}
projectId
string
The project ID. Can be provided in the body or as a URL path parameter (:projectId). The body value takes precedence if both are provided.

Response

Returns the signed JWT as a plain text string (not JSON): 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
The JWT is signed with RS256, expires in 5 minutes, and includes:
  • sub — the user’s id from the payload
  • iss — the project ID
  • aud"replyke.com"
  • userData — the full payload object

Error Responses

Missing params in request body
Returned when projectId, privateKey, or payload is missing.
{ "error": "Missing user id in payload.", "code": "crypto/missing-params" }
Returned when the payload object does not include an id field.