Secure API with JWT PivotData Microservice Documentation


Microservice settings are specified in the appsettings.json file.

The microservice web API can be secured with JWT (JSON Web Token) authorization. To enable JWT auth, configure the following section in the microservice settings file:

  "Auth": {
    "Type": "jwt",
    "Jwt": {
      "ValidIssuer": "Test",
      "ValidateIssuer": true,
      "ValidateAudience": false,
      "ValidateLifetime": true,  // set to false if you use JWT that never expires
      "ValidateIssuerSigningKey": true,
      "IssuerSigningKeyString": "some_secure_key_value"
    }
  }

Your main web application should generate a valid JWT (with the same "Issuer" and "SigningKey") and pass it in the Authorization HTTP header. The following JavaScript snippet illustrates how to add this header to all AJAX calls:

$.ajaxSetup({
	headers: { 'Authorization': "Bearer " + jwt }
});

In some cases it is not possible to pass the JWT in an HTTP header, so the microservice also accepts it as the POST form parameter __JwtAuthorization:

<form id="exportForm" method="POST" action="api/cube/SomeCubeId/pivot/export/excel">
	<input type="hidden" name="pvtReportJson" />
	<input type="hidden" name="__JwtAuthorization" />
</form>

Integration Example

JWT generation in the main web app is illustrated in the example shipped with the PivotData microservice package (see the integration\AspNetMvcCore folder, a .NET MVC Core app).
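
The token generation and the checks switched on by the "Jwt" settings above can be sketched in Node.js as follows. This is an added example, not the code from the integration\AspNetMvcCore sample or from PivotData itself. It assumes HS256 (HMAC-SHA256 keyed with the UTF-8 bytes of the signing key string); the function names and sample values are hypothetical.

```javascript
// Added example: mint and check an HS256 JWT with Node's built-in crypto module.
// Assumption: the signature is HMAC-SHA256 keyed with the UTF-8 bytes of the key string.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

function sign(data, key) {
  return createHmac('sha256', Buffer.from(key, 'utf8')).update(data).digest();
}

// Runs in the main web app's backend only: the signing key never goes to the browser.
function createJwt({ issuer, key, ttlSeconds, now = Math.floor(Date.now() / 1000) }) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ iss: issuer, iat: now, exp: now + ttlSeconds }));
  const sig = b64url(sign(`${header}.${payload}`, key));
  return `${header}.${payload}.${sig}`;
}

// Mirrors ValidateIssuerSigningKey, ValidateIssuer and ValidateLifetime.
function validateJwt(token, { validIssuer, key, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm: the token header must not be allowed to choose it.
  if (!hdr || hdr.alg !== 'HS256') return { ok: false, reason: 'algorithm' };
  const expected = sign(`${header}.${payload}`, key);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { ok: false, reason: 'signature' };
  if (!claims || claims.iss !== validIssuer) return { ok: false, reason: 'issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample values; the key is a placeholder for a long random secret.
const settings = { validIssuer: 'Test', key: 'constructed-sample-key-0123456789abcdef' };
const sampleJwt = createJwt({ issuer: 'Test', key: settings.key, ttlSeconds: 300, now: 1700000000 });
console.log(validateJwt(sampleJwt, { ...settings, now: 1700000100 }));
```

A short lifetime limits how long a captured token remains usable, which matters most when the token travels in the __JwtAuthorization form field rather than a header.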