
JWT Tokens

Vasyl Martyniuk

Get All Tokens

Get the list of all tokens issued for the given user.

Endpoint

GET /aam/v2/jwts

curl --location 'https://example.xyz/wp-json/aam/v2/jwts?user_id=2&fields=claims%2Csigned_url' \
--header 'Authorization: Bearer ***'

Parameters

| Params | Description |
| --- | --- |
| user_id | Required. User ID. |
| fields | Optional. Comma-separated list of properties to return. The supported properties are "token", "id", "claims", "signed_url", "is_valid", "error". |

Response Sample

[
    {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkyNDkyOTUsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTAwMDQiLCJleHAiOjE3MTkzMzU2OTUsImp0aSI6IjU4NjRlZDhlLTc3M2QtNDJiZi1hZjUyLWJiZGNiOTc2NTMyMSIsInVzZXJJZCI6MSwicmV2b2NhYmxlIjp0cnVlLCJyZWZyZXNoYWJsZSI6bnVsbH0.ZVyOca0D0kryUJcb6nWOMwCWukhHIZ5q5cPtGLSGrCY",
        "id": "5864ed8e-773d-42bf-af52-bbdcb9765321",
        "is_valid": true,
        "error": null,
        "claims": {
            "iat": 1719249295,
            "iss": "http://localhost:10004",
            "exp": 1719335695,
            "jti": "5864ed8e-773d-42bf-af52-bbdcb9765321",
            "userId": 1,
            "revocable": true,
            "refreshable": null
        },
        "signed_url": "http://localhost:10004?aam-jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkyNDkyOTUsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MTAwMDQiLCJleHAiOjE3MTkzMzU2OTUsImp0aSI6IjU4NjRlZDhlLTc3M2QtNDJiZi1hZjUyLWJiZGNiOTc2NTMyMSIsInVzZXJJZCI6MSwicmV2b2NhYmxlIjp0cnVlLCJyZWZyZXNoYWJsZSI6bnVsbH0.ZVyOca0D0kryUJcb6nWOMwCWukhHIZ5q5cPtGLSGrCY"
    }
]
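
A token-inventory check built on the response shape above, as an added example (not AAM's own code). It assumes the response was requested with the "token", "id", "claims", "is_valid" and "error" fields and already parsed from JSON; the finding names, the 24-hour lifetime threshold and the sample entries are constructed for illustration.

```python
import base64
import json

def decode_payload(token):
    """Decode the payload segment for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def audit_tokens(entries, now, max_lifetime=86400):
    """Return {token id: [findings]} for a parsed GET /aam/v2/jwts response."""
    report = {}
    for e in entries:
        findings = []
        claims = e.get("claims") or {}
        try:
            if decode_payload(e.get("token") or "") != claims:
                findings.append("claims-mismatch")
        except ValueError:  # bad base64, bad JSON, or wrong segment count
            findings.append("undecodable-token")
        if not e.get("is_valid"):
            findings.append("invalid")
        if not claims.get("revocable"):
            findings.append("not-revocable")
        iat, exp = claims.get("iat"), claims.get("exp")
        if isinstance(iat, int) and isinstance(exp, int):
            if exp - iat > max_lifetime:
                findings.append("long-lived")
            if exp <= now:
                findings.append("expired")
        else:
            findings.append("no-expiry")
        report[e.get("id")] = findings
    return report

def sample_entry(claims, is_valid=True, error=None):
    """Constructed test data in the response shape shown above (dummy signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    token = enc({"typ": "JWT", "alg": "HS256"}) + "." + enc(claims) + ".c2ln"
    return {"token": token, "id": claims["jti"], "is_valid": is_valid,
            "error": error, "claims": claims}

SAMPLE = [
    sample_entry({"jti": "a", "iat": 1000, "exp": 4600, "revocable": True}),
    sample_entry({"jti": "b", "iat": 1000, "exp": 94600, "revocable": False}),
    sample_entry({"jti": "c", "iat": 1000, "exp": 1500, "revocable": True}, is_valid=False),
]
```

Calling `audit_tokens(SAMPLE, now=2000)` flags token "b" (a 26-hour, non-revocable token) and token "c" (invalid and expired) while leaving "a" clean.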

Get Single Token

Get a specific JWT token by ID (aka jti).

Endpoint

GET /aam/v2/jwt/<id>

curl --location 'https://example.xyz/wp-json/aam/v2/jwt/4bf13e8f-4b20-4494-a35a-81433f164855?user_id=2&fields=claims%2Csigned_url' \
--header 'Authorization: Bearer ***'

Parameters

| Params | Description |
| --- | --- |
| id | Required. The unique JWT token ID (aka jti). |
| user_id | Required. User ID. |
| fields | Optional. Comma-separated list of properties to return. The supported properties are "token", "id", "claims", "signed_url", "is_valid", "error". |

Response Sample

{
    "id": "1862df17-75a9-4d73-93b9-c9549f2f209c",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxODYyZGYxNy03NWE5LTRkNzMtOTNiOS1jOTU0OWYyZjIwOWMiLCJ5ZXMiOnRydWUsInJldm9jYWJsZSI6dHJ1ZSwicmVmcmVzaGFibGUiOnRydWUsImlhdCI6MTc0NjUzNjM0NCwiaXNzIjoiaHR0cDovL2RlbW8ubG9jYWwiLCJleHAiOjE3NDY1MzY0NDQsInVzZXJfaWQiOjJ9.j_vpT4PIIrFkHU_h0YpFwaFHKt7W0H800uLsNIInBgw",
    "is_valid": true,
    "claims": {
        "jti": "1862df17-75a9-4d73-93b9-c9549f2f209c",
        "yes": true,
        "revocable": true,
        "refreshable": true,
        "iat": 1746536344,
        "iss": "http://demo.local",
        "exp": 1746536444,
        "user_id": 2
    },
    "signed_url": "http://demo.local?aam-jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxODYyZGYxNy03NWE5LTRkNzMtOTNiOS1jOTU0OWYyZjIwOWMiLCJ5ZXMiOnRydWUsInJldm9jYWJsZSI6dHJ1ZSwicmVmcmVzaGFibGUiOnRydWUsImlhdCI6MTc0NjUzNjM0NCwiaXNzIjoiaHR0cDovL2RlbW8ubG9jYWwiLCJleHAiOjE3NDY1MzY0NDQsInVzZXJfaWQiOjJ9.j_vpT4PIIrFkHU_h0YpFwaFHKt7W0H800uLsNIInBgw"
}

Create New Token

Issue a new JWT token.

Endpoint

POST /aam/v2/jwts

curl --location 'https://example.xyz/wp-json/aam/v2/jwts?user_id=2&fields=claims%2Csigned_url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ***' \
--data '{
    "expires_in": "+26 hours",
    "is_refreshable": true,
    "additional_claims": {
        "role": "moderator"
    }
}'

Parameters

| Params | Description |
| --- | --- |
| user_id | Required. User ID. |
| url | Required. Valid URL or relative path on the website. |
| expires_at | Optional. Valid date-time string in RFC3339 format that is in the future. The token will expire after the given date-time. |
| expires_in | Optional. Another way to specify the token's expiration date. This property accepts a valid date and time format that PHP can parse into a DateTime object with the strtotime core function. |
| is_refreshable | Optional. Whether the token can be used to obtain a new token before it expires. |
| is_revocable | Optional. Whether the token should be considered revocable or not. |
| additional_claims | Optional. An optional collection of claims that can be added to the token. |
| fields | Optional. Comma-separated list of properties to return. The supported properties are "token", "id", "claims", "signed_url", "is_valid", "error". |

Response Sample

{
    "id": "1862df17-75a9-4d73-93b9-c9549f2f209c",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxODYyZGYxNy03NWE5LTRkNzMtOTNiOS1jOTU0OWYyZjIwOWMiLCJ5ZXMiOnRydWUsInJldm9jYWJsZSI6dHJ1ZSwicmVmcmVzaGFibGUiOnRydWUsImlhdCI6MTc0NjUzNjM0NCwiaXNzIjoiaHR0cDovL2RlbW8ubG9jYWwiLCJleHAiOjE3NDY1MzY0NDQsInVzZXJfaWQiOjJ9.j_vpT4PIIrFkHU_h0YpFwaFHKt7W0H800uLsNIInBgw",
    "is_valid": true,
    "claims": {
        "jti": "1862df17-75a9-4d73-93b9-c9549f2f209c",
        "yes": true,
        "revocable": true,
        "refreshable": true,
        "iat": 1746536344,
        "iss": "http://demo.local",
        "exp": 1746536444,
        "user_id": 2
    },
    "signed_url": "http://demo.local?aam-jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxODYyZGYxNy03NWE5LTRkNzMtOTNiOS1jOTU0OWYyZjIwOWMiLCJ5ZXMiOnRydWUsInJldm9jYWJsZSI6dHJ1ZSwicmVmcmVzaGFibGUiOnRydWUsImlhdCI6MTc0NjUzNjM0NCwiaXNzIjoiaHR0cDovL2RlbW8ubG9jYWwiLCJleHAiOjE3NDY1MzY0NDQsInVzZXJfaWQiOjJ9.j_vpT4PIIrFkHU_h0YpFwaFHKt7W0H800uLsNIInBgw"
}

Refresh Token

Issue a new JWT token from an existing token that is still valid. The original token will be revoked and the new token will be issued for the same time duration.

This request does not accept any payload and is only designed to obtain a refreshed token. Thus, you are not allowed to modify any claims.

Endpoint

PUT /aam/v2/jwt/<id>

curl --location --request PUT 'https://example.xyz/wp-json/aam/v2/jwt/941768ea-658a-47d6-a739-f999a8705241?user_id=2' \
--header 'Authorization: Bearer ***'

Parameters

| Params | Description |
| --- | --- |
| id | Required. The unique JWT token ID. |
| user_id | Required. User ID. |

Response Sample

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI5NDE3NjhlYS02NThhLTQ3ZDYtYTczOS1mOTk5YTg3MDUyNDEiLCJyb2xlIjoibW9kZXJhdG9yIiwicmV2b2NhYmxlIjp0cnVlLCJyZWZyZXNoYWJsZSI6dHJ1ZSwiaWF0IjoxNzQ2NTM2NzExLCJpc3MiOiJodHRwOi8vZGVtby5sb2NhbCIsImV4cCI6MTc0NjYzMDMxMSwidXNlcl9pZCI6MiwicmF0IjoxNzQ2NTM2NzExfQ.a9ZmP9qmGIKV1GOCoPD7YNYdyIcrd1FKHjHzm5Qftts",
    "claims": {
        "jti": "941768ea-658a-47d6-a739-f999a8705241",
        "role": "moderator",
        "revocable": true,
        "refreshable": true,
        "iat": 1746536711,
        "iss": "http://demo.local",
        "exp": 1746630311,
        "user_id": 2,
        "rat": 1746536711
    }
}

Revoke Token

Revoke or delete an existing JWT token.

Endpoint

DELETE /aam/v2/jwt/<id>

curl --location --request DELETE 'https://example.xyz/wp-json/aam/v2/jwt/941768ea-658a-47d6-a739-f999a8705241?user_id=2' \
--header 'Authorization: ***'

Parameters

| Params | Description |
| --- | --- |
| id | Required. The unique JWT token ID. |
| user_id | Required. User ID. |

Response Sample

{
    "success": true
}

Revoke All Tokens

Revoke all tokens, that is, delete all tokens issued for a given user.

Endpoint

DELETE /aam/v2/jwts

curl --location --request DELETE 'https://example.xyz/wp-json/aam/v2/jwts?user_id=2' \
--header 'Authorization: Bearer ***'

Parameters

| Params | Description |
| --- | --- |
| user_id | Required. User ID. |

Response Sample

{
    "success": true
}