
JWT invite tokens

PORT generates invite links for you, which you can access via the API or in the Your Data section of the app. Alternatively, you can generate them yourself. Invite tokens are JSON Web Tokens (JWTs) signed using the HMAC-SHA256 (HS256) algorithm.

Invite link structure

https://{your_portal_subdomain}.port.im/claim/{token}

Header

PORT expects you to use the HMAC-SHA256 (HS256) algorithm.

{
 "alg" : "HS256",
 "typ" : "JWT"
}

Payload

The payload contains information about the invited customer, who must be a user that exists inside PORT.

| Payload attribute | Description |
| --- | --- |
| sub | The user's email address. This must match what is stored in PORT. |
| iat | Token issued at timestamp |
| exp | Token expires timestamp |

{
  "sub": "test@port.im",
  "iat": 1547049180,
  "exp": 1547653980
}

Signature

The signature verifies the authenticity of the payload. It is a keyed-hash message authentication code (HMAC) derived from the combination of the header and payload. When you create a Portal in PORT, an "Authentication Key" is generated for you; it is the key used for this HMAC.

HMAC-SHA256(
 encodeBase64Url(header) + '.' +
 encodeBase64Url(payload),
 PORTAL_AUTHENTICATION_KEY
)

Build the token

The three parts are base64url encoded separately and concatenated using dots.

const token = encodeBase64Url(header) + '.' + encodeBase64Url(payload) + '.' + encodeBase64Url(signature)

Testing

You can decode tokens generated by PORT or test tokens you've created on JWT.io.
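
The header, payload, signature and build steps above, combined into one Node.js script that also checks a token locally (an added example, not PORT's own code). The function names, the verification routine and the `example-authentication-key` placeholder are assumptions for illustration; the sample claims are the ones shown in the payload section.

```javascript
const crypto = require('crypto');

// Base64url without padding, as JWTs require.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// HMAC-SHA256 over "<header>.<payload>", keyed with the Portal Authentication Key.
const sign = (signingInput, key) =>
  b64url(crypto.createHmac('sha256', key).update(signingInput).digest());

// Build a token for `email`; `now` is Unix time in seconds.
function buildInviteToken(email, key, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: email, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, key)}`;
}

// Local check of a token before sending it out: returns the claims or throws.
function verifyInviteToken(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  // Recompute with HS256 only (the header never selects the algorithm) and
  // compare in constant time.
  const expected = Buffer.from(sign(`${header}.${payload}`, key));
  const given = Buffer.from(signature);
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
    throw new Error('bad signature');
  }
  const { alg } = JSON.parse(Buffer.from(header, 'base64').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Invite link structure from the page.
const inviteLink = (subdomain, token) => `https://${subdomain}.port.im/claim/${token}`;

// Constructed sample values; the key is a placeholder, not a real Authentication Key.
const SAMPLE_KEY = 'example-authentication-key';
const sampleToken = buildInviteToken('test@port.im', SAMPLE_KEY, 604800, 1547049180);
console.log(inviteLink('your-portal-subdomain', sampleToken));
console.log(verifyInviteToken(sampleToken, SAMPLE_KEY, 1547049181));
```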