User JWT

The User JWT is used to authenticate an end user. You generate it using the Secret Key and the API Key from your project.

Obtaining API Keys

  1. Go to the MagicBell Dashboard.
  2. Select your project.
  3. Navigate to Settings > API Keys.
  4. You’ll see both the API Key and the Secret Key.

Always keep your Secret Key secure. Never expose it in the browser or frontend code.

You’ll need both the API Key and the Secret Key to generate a User JWT.

JWT Payload

Here’s what the payload typically looks like:

{
  "user_email": "person@example.com",
  "user_external_id": "usr_l70vln",
  "api_key": "pk_JJUxO8amaaK21G08w9q0_218239574"
}

You must specify either user_email or user_external_id, or both.

Key               Description
user_email        The email address of the user. Required when no user_external_id is provided.
user_external_id  A unique identifier for the user in your system. Required when no user_email is provided.
api_key           The API key for your MagicBell project. Obtained via our dashboard.

Signing the User JWT

User JWTs must be signed with your project's Secret Key using the HS256 algorithm. The secret is known only to your backend and MagicBell, so a valid signature proves the authenticity of the token. The secret key can be obtained from the API Keys page on our Dashboard.

Generate a User JWT

The JWT should be generated by your backend and provided to the frontend.

TypeScript

import jwt from 'jsonwebtoken';

const secret = 'your-secret-key';
const payload = {
  user_email: null,
  user_external_id: 'your-user-id',
  api_key: 'your-api-key',
};

const token = jwt.sign(payload, secret, {
  algorithm: 'HS256',
  expiresIn: '1y',
});

console.log(token);

Go

package main

import (
	"fmt"
	"time"

	"github.com/golang-jwt/jwt/v5"
)

func main() {
	secret := []byte("your-secret-key")

	claims := jwt.MapClaims{
		"user_email":       "",
		"user_external_id": "your-user-id",
		"api_key":          "your-api-key",
		"exp":              time.Now().AddDate(1, 0, 0).Unix(),
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	signed, err := token.SignedString(secret)
	if err != nil {
		panic(err)
	}

	fmt.Println(signed)
}
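
The following is an added example, not MagicBell's code: it builds the same HS256 token with only Go's standard library to show why the Secret Key must stay on the backend, since anyone holding it can sign a token for any user, while a payload altered without it no longer matches the signature. The names NewUserJWT, SignatureValid and the ttl parameter are assumptions of this example, as is the choice to omit an empty identifier from the payload; all values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// sign returns the HS256 (HMAC-SHA256) signature segment for "header.payload".
func sign(input string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return b64.EncodeToString(mac.Sum(nil))
}

// NewUserJWT (hypothetical helper) enforces "user_email or user_external_id" before signing.
func NewUserJWT(apiKey, email, externalID string, secret []byte, ttl time.Duration) (string, error) {
	if email == "" && externalID == "" {
		return "", fmt.Errorf("user_email or user_external_id is required")
	}
	claims := map[string]interface{}{"api_key": apiKey, "exp": time.Now().Add(ttl).Unix()}
	if email != "" {
		claims["user_email"] = email
	}
	if externalID != "" {
		claims["user_external_id"] = externalID
	}
	body, _ := json.Marshal(claims) // cannot fail for string and int64 values
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + sign(input, secret), nil
}

// SignatureValid checks only the signature (not exp), comparing in constant time.
func SignatureValid(token string, secret []byte) bool {
	i := strings.LastIndex(token, ".")
	return i > 0 && hmac.Equal([]byte(sign(token[:i], secret)), []byte(token[i+1:]))
}

func main() {
	secret := []byte("constructed-secret") // constructed value; load the real key from backend config
	tok, err := NewUserJWT("constructed-api-key", "", "usr_l70vln", secret, time.Hour)
	fmt.Println(tok, err, SignatureValid(tok, secret))
}
```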