Skip to main content

POST /authentication/jwt

Generate a JWT (JSON Web Token) for secure frontend WebSocket connections. JWTs allow your client-side code to connect without exposing your API key. Security model: Generate JWTs server-side using your API key, then pass the jwtKey to your frontend. The JWT can be scoped to specific creators (allowed_creators) and limited to a set number of concurrent connections. Expiry: Tokens expire after expire_after seconds (default: 3600 = 1 hour). After expiry, the client must request a new token from your backend. Use cases: Web applications where the frontend connects directly to wss://api.tik.tools?uniqueId=USERNAME&jwtKey=TOKEN. This keeps your API key on the server while letting browsers connect to the WebSocket.

Parameters

ParameterTypeRequiredDescription
expire_afternumberNoSeconds until expiry (default: 3600)
allowed_creatorsstring[]NoRestrict to specific creators
max_websocketsnumberNoMax concurrent WS connections (default: 1)

Response

{ "status_code": 0, "data": { "token": "eyJ..." } }

Examples

const res = await fetch('https://api.tik.tools/authentication/jwt?apiKey=YOUR_KEY', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ expire_after: 3600, allowed_creators: ['streamer1'] })
});
const { data } = await res.json();
// Use data.token for WebSocket: wss://api.tik.tools?jwtKey=TOKEN