If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: docs.vapi.ai/customization/jwt-authentication - JWT Authentication | Vapi.

site address: docs.vapi.ai/customization/jwt-authentication redirected to: docs.vapi.ai/customization/jwt-authentication

site title: JWT Authentication Vapi

Our opinion (on Sunday 19 July 2026 17:26:06 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=Secure API authentication guide;

Headings (most frequently used words):

jwt, token, generating, example, usage, explanation, authentication, prerequisites, making, an, authenticated, api, request, scopes, private, public, web, client, recording, consent, plan,

Text of the page (most frequently used words):
the (70), token (41), jwt (25), call (24), api (20), vapi (18), quickstart (17), and (15), key (13), web (12), payload (12), custom (12), const (11), #private (11), options (11), for (9), you (9), data (9), authentication (9), calls (9), support (9), server (9), management (8), compliance (8), example (8), tool (8), this (7), can (7), define (7), overview (7), openai (7), voice (7), with (6), page (6), set (6), scope (6), get (6), request (6), generate (6), variables (6), generating (6), tools (6), built (5), consent (5), recording (5), plan (5), your (5), new (5), use (5), authenticated (5), using (5), public (5), how (5), environment (5), documentation (5), guide (5), speech (5), phone (5), assistant (4), make (4), client (4), usage (4), endpoint (4), response (4), authorization (4), json (4), headers (4), explanation (4), that (4), expiresin (4), used (4), sign (4), orgid (4), env (4), process (4), voices (4), chat (4), examples (4), multilingual (4), scheduling (4), sms (4), streaming (4), number (4), sip (4), configuration (4), cli (4), from (3), requests (3), function (3), includes (3), generated (3), content (3), type (3), url (3), want (3), method (3), https (3), include (3), following (3), generation (3), generatejwt (3), library (3), functionality (3), scopes (3), static (3), enterprise (3), google (3), testing (3), agents (3), rejection (3), triage (3), handoff (3), assistants (3), squads (3), widget (3), troubleshoot (3), errors (3), hooks (3), inbound (3), transcriber (3), llms (3), fetchdata (2), header (2), application (2), console (2), await (2), bearer (2), steps (2), outline (2), making (2), provided (2), will (2), organization (2), private_key (2), tag (2), org_id (2), scoped (2), which (2), endpoints (2), have (2), time (2), ensure (2), securely (2), prerequisites (2), security (2), privacy (2), resources (2), dashboard (2), status (2), website (2), addresses (2), proxy (2), pci (2), zero (2), retention (2), zdr (2), hipaa (2), gdpr (2), single (2), sso (2), flow (2), deepgram (2), azure (2), cartesia (2), playht (2), elevenlabs (2), core (2), models (2), faq (2), ivr (2), navigation (2), environments (2), dev (2), uat (2), prod (2), debugging (2), prompting (2), boards (2), advanced (2), developing (2), locally (2), spam (2), events (2), setting (2), urls (2), webhooks (2), property (2), order (2), clinic (2), passing (2), between (2), lead (2), qualification (2), appointment (2), migrate (2), variable (2), substitution (2), session (2), compatibility (2), non (2), end (2), reasons (2), forwarding (2), transfer (2), voicemail (2), control (2), outbound (2), sdk (2), telnyx (2), twilio (2), telephony (2), free (2), agent (2), integration (2), tts (2), keywords (2), knowledge (2), fallback (2), background (2), messages (2), configurations (2), composer (2), guides (2), introduction (2), integrations (2), pre (2), release (2), what (2), sdks (2), mcp (2), reference (2), index (2), level (2), txt (2), any (2), next, configure, previous, edit, yes, was, helpful, start, import, makes, asynchronous, specified, logs, error, catch, log, fetch, getassistants, async, appropriate, send, handle, should, prefixed, specify, placeholder, actual, creates, option, specifies, expire, hour, ensuring, its, authenticity, representing, object, false, allowtransientassistant, 1cbf8c70, 5fd7, 4f61, a220, 376ab35be1b0, allowedassistantids, allowedorigins, true, enabled, restrictions, writing, only, publicly, creation, all, other, are, privately, restrict, access, one, two, determine, actions, performed, such, expiration, stored, often, contains, case, necessary, credentials, both, found, portal, account, service, requires, supports, programming, language, framework, before, proceed, provides, demonstrates, authenticate, secure, copy, scroll, top, light, tcpa, guidelines, rss, feed, glossary, report, issues, sympana, connector, voiceaiwrapper, voicerr, vapify, chatdash, voiceflow, langfuse, supabase, cloudflare, gcp, cloud, storage, aws, assemblyai, talkscriber, soniox, speechmatics, gladia, openrouter, togetherai, perplexity, deepinfra, groq, gemini, anthropic, bedrock, inworld, rimeai, minimax, lmnt, legacy, migration, text, test, suites, silent, handoffs, routing, commerce, medical, retrieve, artifacts, analysis, concurrency, queue, debug, drops, hold, specialist, dynamic, transfers, based, warm, detection, customer, join, timeout, real, websocket, transport, trunk, credential, amazon, chime, plivo, zadarma, networking, firewall, trunking, escalation, calling, bring, own, fine, tuned, argument, encryption, base, query, retrieval, gohighlevel, slack, sheets, calendar, troubleshooting, aliases, side, code, provider, keys, realtime, pipeline, email, address, reading, pronunciation, dictionaries, denoising, idle, flush, syntax, formatting, personalization, user, information, transient, permanent, legal, soc, community, works, best, practices, monitoring, scorecard, structured, outputs, simulations, evals, observability, workflows, campaigns, insights, place, numbers, model, conversation, behavior, concepts, started, ask, search, available, root, append, markdown, version,


Text of the page (random words):
jwt authentication vapi for ai agents a documentation index is available at the root level at llms txt append llms txt to any url for a page level index or md for the markdown version of any page search ask ai website status support dashboard documentation api reference mcp sdks cli new what s new documentation api reference mcp sdks cli new what s new get started introduction phone calls web calls vapi guides composer pre release cli quickstart assistants quickstart core concepts conversation behavior model configurations tools custom keywords custom voices custom transcriber custom tts custom llms examples phone numbers free vapi number inbound sms telephony integrations sip integration phone number hooks calls place calls in call control call end reasons troubleshoot call errors call insights outbound campaigns quickstart overview chat quickstart streaming non streaming openai compatibility session management variable substitution sms chat web widget workflows migrate to squads quickstart overview examples squads quickstart overview handoff tool passing data between assistants examples webhooks setting server urls server events spam call rejection developing locally server authentication observability evals simulations pre release boards structured outputs scorecard monitoring best practices prompting guide debugging voice agents enterprise environments dev uat prod ivr navigation testing resources faq how vapi works integrations community support security and privacy data flow single sign on sso jwt authentication recording consent plan gdpr compliance hipaa compliance zero data retention zdr pci compliance proxy server guide static ip addresses soc 2 compliance legal introduction phone calls web calls vapi guides composer cli quickstart quickstart transient vs permanent configurations variables multilingual support personalization with user information voice formatting plan flush syntax background messages idle messages assistant hooks background speech denoising pronunciation dictionaries email address reading speech configuration voice pipeline configuration voice fallback configuration transcriber fallback configuration openai realtime speech to speech provider keys tools built in call tools voicemail tool custom tools code tool client side tools web sdk tool rejection plan static variables and aliases custom tools troubleshooting google calendar google sheets slack gohighlevel knowledge retrieval query tool custom knowledge base argument encryption custom keywords custom voices elevenlabs playht cartesia custom transcriber custom tts fine tuned openai models bring your own server tool calling integration appointment scheduling lead qualification inbound support voice widget documentation agent support escalation multilingual agent free vapi number inbound sms twilio telnyx sip telephony sip trunking networking and firewall twilio telnyx zadarma plivo amazon chime sdk troubleshoot sip trunk credential errors phone number hooks calls outbound calls websocket transport real time call control customer join timeout voicemail detection call forwarding assistant based warm transfer dynamic call transfers on hold specialist transfer debug forwarding drops call queue management call concurrency call end reasons troubleshoot call errors call analysis call recording retrieve call artifacts quickstart overview quickstart streaming non streaming openai compatibility session management variable substitution sms chat web widget migrate to squads quickstart overview appointment scheduling lead qualification medical triage order management property management multilingual support quickstart overview handoff tool passing data between assistants clinic triage scheduling handoff tool clinic triage scheduling e commerce order management property management routing multilingual support silent handoffs webhooks setting server urls server events spam call rejection developing locally server authentication quickstart advanced quickstart advanced boards quickstart examples quickstart quickstart prompting guide debugging voice agents enterprise environments dev uat prod ivr navigation test suites chat testing voice testing faq core models voices text to speech vapi voices legacy migration elevenlabs playht azure openai cartesia lmnt minimax rimeai deepgram inworld openai azure openai anthropic bedrock gemini groq deepinfra perplexity togetherai openrouter deepgram google gladia speechmatics soniox talkscriber assemblyai aws s3 gcp cloud storage cloudflare r2 supabase langfuse voiceflow chatdash vapify voicerr ai voiceaiwrapper sympana connector support how to report issues enterprise glossary rss feed data flow single sign on sso jwt authentication recording consent plan gdpr compliance hipaa compliance zero data retention zdr pci compliance proxy server guide static ip addresses tcpa consent guidelines website status support dashboard light on this page prerequisites generating a jwt token jwt token scopes example generating a private jwt token example generating a public jwt token explanation usage making an authenticated api request example explanation usage web client scroll to top resources security and privacy jwt authentication copy page secure api authentication guide this documentation provides an overview of jwt json web token authentication and demonstrates how to generate a jwt token and use it to authenticate api requests securely prerequisites before you proceed ensure you have the following an environment that supports jwt generation and api calls e g a programming language or framework an account with a service that requires jwt authentication environment variables set up for the necessary credentials e g organization id and private key both can be found in your vapi portal generating a jwt token the following steps outline how to generate a jwt token define the payload the payload contains the data you want to include in the token in this case it includes an orgid get the private key the private key provided by vapi is used to sign the token ensure it is securely stored often in environment variables set token options define options for the token such as the expiration time expiresin generate the token use a jwt library or built in functionality to generate the token with the payload key and options jwt token scopes the generated jwt token can have one of two scopes private or public the scope of the token will determine the actions that can be performed using the token for example it can be used to restrict which api endpoints the token can access as of writing the only publicly scoped api endpoint is https api vapi ai call web which is used for web call creation all other endpoints are privately scoped example generating a private jwt token 1 define the payload 2 const payload 3 orgid process env org_id 4 token 5 this is the scope of the token 6 tag private 7 8 9 10 get the private key from environment variables 11 const key process env private_key 12 13 define token options 14 const options 15 expiresin 1h 16 17 18 generate the token using a jwt library or built in functionality 19 const token generatejwt payload key options example generating a public jwt token 1 define the payload 2 const payload 3 orgid process env org_id 4 this is the scope of the token 5 token 6 tag public 7 restrictions 8 enabled true 9 allowedorigins https example vapi ai 10 allowedassistantids 1cbf8c70 5fd7 4f61 a220 376ab35be1b0 11 allowtransientassistant false 12 13 14 15 16 get the private key from environment variables 17 const key process env private_key 18 19 define token options 20 const options 21 expiresin 1h 22 23 24 generate the token using a jwt library or built in functionality 25 const token generatejwt payload key options explanation payload the payload includes the orgid representing the organization id and the token object with the scope of the token key the private key is used to sign the token ensuring its authenticity options the expiresin option specifies that the token will expire in 1 hour token generation the generatejwt function a placeholder for the actual jwt generation method creates the token using the provided payload key and options usage making an authenticated api request if you set the scope to private you can use it to make authenticated api requests the following steps outline how to make an authenticated request define the api endpoint specify the url of the api you want to call set the headers include the content type and authorization headers in your request the authorization header should include the generated jwt token prefixed with bearer make the api call use an appropriate method to send the request and handle the response example 1 async function getassistants 2 const response await fetch https api vapi ai assistant 3 method get 4 headers 5 content type application json 6 authorization bearer token 7 8 9 10 const data await response json 11 console log data 12 13 14 fetchdata catch console error explanation api endpoint the url of the api you want to call headers the content type is set to application json and the authorization header includes the generated jwt token api call the fetchdata function makes an asynchronous get request to the specified api endpoint and logs the response usage web client if you set the scope to public you can use it to make authenticated api requests using the vapi web client import vapi from vapi ai web const vapi new vapi your jwt token vapi start your assistant id was this page helpful yes no edit this page previous recording consent plan configure consent management for call recording compliance next built with
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)
  • Logo
  • Logo

Verified site has: 203 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
51-55 56-60 61-65 66-70 71-75 76-80 81-85 86-90 91-95 96-100
101-105 106-110 111-115 116-120 121-125 126-130 131-135 136-140 141-145 146-150
151-155 156-160 161-165 166-170 171-175 176-180 181-185 186-190 191-195 196-200
201-203


The site also has 1 references to other resources (not html/xhtml )

 buildwithfern.com/?utm_campaign=buildWi___.ai  Verify


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/1.0 308 Permanent Redirect
Content-Type text/plain
Location htt????/docs.vapi.ai/customization/jwt-authentication
Refresh 0;url=htt????/docs.vapi.ai/customization/jwt-authentication
server Vercel
HTTP/2 200
age 139169
cache-control public, max-age=0, must-revalidate
content-encoding gzip
content-security-policy default-src self ; script-src self unsafe-inline unsafe-eval htt????/app.buildwithfern.com https: blob:; style-src self unsafe-inline htt????/app.buildwithfern.com https:; img-src self htt????/app.buildwithfern.com https: data: blob:; font-src self htt????/app.buildwithfern.com https: data:; connect-src self htt????/app.buildwithfern.com https: wss: ws: data: blob:; media-src self htt????/app.buildwithfern.com https: data: blob:; object-src self htt????/app.buildwithfern.com https: data: blob:; frame-src self htt????/app.buildwithfern.com https: data: blob:; base-uri self ; form-action self htt????/app.buildwithfern.com https:
content-type text/html; charset=utf-8
date Sat, 18 Jul 2026 02:46:36 GMT
etag W/ yovkqycc43l3dy
link </.well-known/api-catalog>; rel= api-catalog
permissions-policy camera=(), geolocation=()
referrer-policy strict-origin-when-cross-origin
server Vercel
strict-transport-security max-age=63072000; includeSubDomains; preload
vary rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
x-content-type-options nosniff
x-matched-path /[domain]/[mode]/[requiresLogin]/[isLoggedIn]/[roles]/[locale]/[slug]
x-nextjs-prerender 1
x-nextjs-stale-time 300
x-powered-by Next.js
x-vercel-cache HIT
x-vercel-id fra1::iad1::bbmrq-1784481965886-1c2adacb126a

Meta Tags

title="JWT Authentication | Vapi"
charset="utf-8"
name="viewport" content="width=device-width, height=device-height, initial-scale=1, minimum-scale=1, maximum-scale=5, user-scalable=yes"
name="fern:rendering-mode" content="production-remote"
name="fern:loader-mode" content="ledger"
name="description" content="Secure API authentication guide"
name="application-name" content="Vapi"
name="generator" content="htt????/buildwithfern.com"
name="fern-page-roles" content='{"authed":false,"viewers":["everyone"]}'
property="og:title" content="JWT Authentication | Vapi"
property="og:description" content="Secure API authentication guide"
property="og:url" content="htt????/docs.vapi.ai/customization/jwt-authentication"
name="twitter:card" content="summary_large_image"
name="twitter:title" content="JWT Authentication | Vapi"
name="twitter:description" content="Secure API authentication guide"
id="fern-theme-color-preferred-light" name="theme-color" content="#fff" media="(prefers-color-scheme: light)"
id="fern-theme-color-preferred-dark" name="theme-color" content="#0e0e13" media="(prefers-color-scheme: dark)"
id="fern-theme-color" name="theme-color" content="#fff"

Load Info

page size128506
load time (s)0.339383
redirect count1
speed download379073
server IP 76.76.21.123
* all occurrences of the string "http://" have been changed to "htt???/"