> ## Documentation Index > Fetch the complete documentation index at: https://www.ayrshare.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Generate a JWT > Generate a JSON Web Token (JWT) for use with single sign on. export const PlansAvailable = ({plans = [], maxPackRequired}) => { let displayPlans = plans; if (plans && plans.length === 1) { const lowerCasePlan = plans[0].toLowerCase(); if (lowerCasePlan === "basic") { displayPlans = ["Basic", "Premium", "Business", "Enterprise"]; } else if (lowerCasePlan === "business") { displayPlans = ["Business", "Enterprise"]; } else if (lowerCasePlan === "premium") { displayPlans = ["Premium", "Business", "Enterprise"]; } } return Available on {displayPlans.length === 1 ? "the " : ""} {displayPlans.join(", ").replace(/\b\w/g, l => l.toUpperCase())}{" "} {displayPlans.length > 1 ? "plans" : "plan"}. {maxPackRequired && window.open('https://www.ayrshare.com/docs/additional/maxpack', '_self')} className="flex items-center mt-2 cursor-pointer"> Max Pack required } ; }; export const HeaderAPI = ({noProfileKey, profileKeyRequired}) => <> API Key of the Primary Profile.

Format: Authorization: Bearer API_KEY {!noProfileKey && (profileKeyRequired ? Profile Key of a User Profile.

Format: Profile-Key: PROFILE_KEY : Profile Key of a User Profile.

Format: Profile-Key: PROFILE_KEY )} ; Generate a JSON Web Token (JWT) for use with single sign on. See the [Generate JWT Overview](/apis/profiles/generate-jwt-overview) for more details. The JWT URL is valid for **5 minutes**. After 5 minutes you must generate a new JWT URL. See the Max Pack `expiresIn` for [additional options](/apis/profiles/generate-jwt-overview#jwt-expires-in). ## Header Parameters Your X API Key (Consumer Key) from the X Developer Portal. Alternative to the `twitterApiKey` body parameter. When provided, the generated JWT URL will use your X Developer App for OAuth linking. Your X API Secret (Consumer Secret) from the X Developer Portal. Alternative to the `twitterApiSecret` body parameter. Required when `X-Twitter-OAuth1-Api-Key` is provided. **Recommended:** Pass your X credentials via headers (`X-Twitter-OAuth1-Api-Key` and `X-Twitter-OAuth1-Api-Secret`) for consistency with all other Ayrshare API endpoints. The `twitterApiKey` and `twitterApiSecret` body parameters are still supported for backward compatibility. ## Body Parameters Domain of app. Please use the exact domain given during onboarding. Private Key used for encryption. User Profile Key. The API Key cannot be used in this field. Automatically logout the current session. Recommend not to use in production since it affects the performance. See [Automatic Logout of a Profile Session](/multiple-users/api-integration-business#automatic-logout-of-a-profile-session) for more information. Specify a URL to redirect to when the "Done" button or logo image is clicked. The URL will be automatically shortened in the returned JWT url. [Redirect the origin ](/multiple-users/api-integration-business#opening-and-closing-the-social-linking-url)opener window by adding the query parameter `origin=true` to the redirect URL. Specify the social networks to display in the linking page. This will override the social networks configured in the [Social Networks](/multiple-users/manage-user-profiles#set-social-networks-access) page. ```json Only display Facebook, X/Twitter, LinkedIn, and TikTok theme={"system"} { "allowedSocial": ["facebook", "twitter", "linkedin", "tiktok"] } ``` Verify that the generated token is valid. Recommend to only use in non-production environment. See [Opening and Closing the Social Linking URL](/multiple-users/api-integration-business#opening-and-closing-the-social-linking-url) for more information. If the private key is base64 encoded, set to `true`. Encode the private.key file in base64 and pass the single line String in the `privateKey` field. E.g in Linux: `cat private.key | base64` Set the longevity of the token in minutes. Range: 1 minute to 2880 minutes. See [JWT Expires In](/apis/profiles/generate-jwt-overview#jwt-expires-in) for more information. Send a Connect Accounts email with a link for users to directly access their social linkage page. See [Connect Accounts Email](/apis/profiles/generate-jwt-overview#connect-accounts-email) for more information. When you include your X API credentials, the generated JWT URL will initiate OAuth linking using your own X Developer App. Your end-users will see your app name on the X consent screen. **Required:** Before using this feature, you must add these callback URLs to your X Developer App settings (under Authentication settings > Callback URI / Redirect URL): * `https://profile.ayrshare.com/social-accounts` * `https://app.ayrshare.com/social-accounts` Without these, the OAuth flow will fail with a `403 Callback URL not approved` error. ```javascript cURL theme={"system"} curl \ -H "Authorization: Bearer API_KEY" \ -H 'Content-Type: application/json' \ -H "X-Twitter-OAuth1-Api-Key: YOUR_CONSUMER_KEY" \ -H "X-Twitter-OAuth1-Api-Secret: YOUR_CONSUMER_SECRET" \ -d '{"domain": "ACME", "privateKey": "-----BEGIN RSA PRIVATE KEY...", "profileKey": "PROFILE_KEY"}' \ -X POST https://api.ayrshare.com/api/profiles/generateJWT ``` ```javascript JavaScript theme={"system"} const fs = require('fs'); const API_KEY = "API_KEY"; const PROFILE_KEY = "PROFILE_KEY"; // Read in local private.key files - also can read from a DB const privateKey = fs.readFileSync('private.key', 'utf8'); fetch("https://api.ayrshare.com/api/profiles/generateJWT", { method: "POST", headers: { "Content-Type": "application/json", "Authorization": `Bearer ${API_KEY}`, "X-Twitter-OAuth1-Api-Key": "YOUR_CONSUMER_KEY", "X-Twitter-OAuth1-Api-Secret": "YOUR_CONSUMER_SECRET" }, body: JSON.stringify({ domain: "ACME", // required privateKey, // required profileKey: PROFILE_KEY, // required }), }) .then((res) => res.json()) .then((json) => console.log(json)) .catch(console.error); ``` ```python Python theme={"system"} import requests # Read in local private.key files - also can read from a DB with open('.private.key') as f: profileKey = f.read() payload = {'domain': 'ACME', 'privateKey': profileKey, 'profileKey': 'PROFILE_KEY' } headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer API_KEY', 'X-Twitter-OAuth1-Api-Key': 'YOUR_CONSUMER_KEY', 'X-Twitter-OAuth1-Api-Secret': 'YOUR_CONSUMER_SECRET'} r = requests.post('https://api.ayrshare.com/api/profiles/generateJWT', json=payload, headers=headers) print(r.json()) ``` ```php PHP theme={"system"} request( 'POST', 'https://api.ayrshare.com/api/post', [ 'headers' => [ 'Content-Type' => 'application/json', 'Authorization' => 'Bearer API_KEY' ], 'json' => [ 'domain' => 'ACME', 'privateKey' => '-----BEGIN RSA PRIVATE KEY...', // required 'profileKey' => 'PROFILE_KEY', // requires ] ] ); echo json_encode(json_decode($res->getBody()), JSON_PRETTY_PRINT); ``` ```csharp C# theme={"system"} using System; using System.Net.Http; using System.Text; using System.Threading.Tasks; using System.IO; using Newtonsoft.Json; namespace GenerateJWTRequest_csharp { class GenerateJWT { static async Task Main(string[] args) { string API_KEY = "API_KEY"; string url = "https://api.ayrshare.com/api/profiles/generateJWT"; try { string privateKey = await File.ReadAllTextAsync("./private.key"); var sendData = new { domain = "domain", privateKey = privateKey, profileKey = "PROFILE_KEY" }; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", "Bearer " + API_KEY); string jsonData = JsonConvert.SerializeObject(sendData); var content = new StringContent(jsonData, Encoding.UTF8, "application/json"); HttpResponseMessage response = await client.PostAsync(url, content); response.EnsureSuccessStatusCode(); string responseBody = await response.Content.ReadAsStringAsync(); Console.WriteLine(responseBody); } } catch (FileNotFoundException e) { Console.WriteLine($"Private key file not found: {e.Message}"); } catch (HttpRequestException e) { Console.WriteLine($"HTTP request error: {e.Message}"); } catch (Exception e) { Console.WriteLine($"Unexpected error: {e.Message}"); } } } } ``` ```json 200: Success theme={"system"} { "status": "success", "title": "User Profile Title", "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E" "url": "https://profile.ayrshare.com?domain=PROVIDED_DOMAIN&jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E", "emailSent": true, "expiresIn": "30m" } ``` ```json 400: Private Key Formatted Incorrectly theme={"system"} { "action": "JWT", "status": "error", "code": 189, "message": "Error generating JWT. Check the sent parameters, such as the privateKey has no extra tabs, spaces, or newlines. Error: error:0909006C:PEM routines:get_name:no start line" } ``` ```json 400: Partial Twitter API Keys theme={"system"} { "action": "JWT", "status": "error", "code": 188, "message": "Both twitterApiKey and twitterApiSecret are required. You provided only one." } ``` ```json 400: Duplicate X/Twitter Credentials theme={"system"} { "action": "JWT", "status": "error", "code": 434, "message": "X/Twitter API credentials were provided in both the request headers and the request body. Please use the headers only. See https://www.ayrshare.com/docs/apis/profiles/generate-jwt" } ```