Skip to main content
POST
/
profiles
/
generateJWT
curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-d '{"domain": "ACME", "privateKey": "-----BEGIN RSA PRIVATE KEY...", "profileKey": "PROFILE_KEY"}' \
-X POST https://api.ayrshare.com/api/profiles/generateJWT

{
    "status": "success",
    "title": "User Profile Title",
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E"
    "url": "https://profile.ayrshare.com?domain=PROVIDED_DOMAIN&jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E",
    "emailSent": true,    
    "expiresIn": "30m"    
}
Generate a JSON Web Token (JWT) for use with single sign on. See the Generate JWT Overview for more details.
The JWT URL is valid for 5 minutes. After 5 minutes you must generate a new JWT URL. See the Max Pack expiresIn for additional options.

Header Parameters

Body Parameters

domain
string
required
Domain of app. Please use the exact domain given during onboarding.
privateKey
string
required
Private Key used for encryption.
profileKey
string
required
User Profile Key. The API Key cannot be used in this field.
logout
boolean
default:false
Automatically logout the current session. Recommend not to use in production since it affects the performance.See Automatic Logout of a Profile Session for more information.
redirect
string
Specify a URL to redirect to when the “Done” button or logo image is clicked. The URL will be automatically shortened in the returned JWT url. Redirect the origin opener window by adding the query parameter origin=true to the redirect URL.
allowedSocial
array
Specify the social networks to display in the linking page. This will override the social networks configured in the Social Networks page.
Only display Facebook, X/Twitter, LinkedIn, and TikTok
{
  "allowedSocial": ["facebook", "twitter", "linkedin", "tiktok"]
}
verify
boolean
default:false
Verify that the generated token is valid. Recommend to only use in non-production environment.See Opening and Closing the Social Linking URL for more information.
base64
boolean
default:false
If the private key is base64 encoded, set to true.Encode the private.key file in base64 and pass the single line String in the privateKey field.E.g in Linux: cat private.key | base64
expiresIn
number
default:5
Set the longevity of the token in minutes. Range: 1 minute to 2880 minutes.See JWT Expires In for more information.
email
object
default:5
Send a Connect Accounts email with a link for users to directly access their social linkage page.See Connect Accounts Email for more information.
twitterApiKey
string
Your X API Key (Consumer Key) from the X Developer Portal. When provided, the generated JWT URL will use your X Developer App for OAuth linking — the consent screen will show your app’s name instead of Ayrshare’s. Must be provided together with twitterApiSecret.
twitterApiSecret
string
Your X API Secret (Consumer Secret) from the X Developer Portal. Required when twitterApiKey is provided.
When you include your X API credentials, the generated JWT URL will initiate OAuth linking using your own X Developer App. Your end-users will see your app name on the X consent screen.
Required: Before using this feature, you must add these callback URLs to your X Developer App settings (under Authentication settings > Callback URI / Redirect URL):
  • https://profile.ayrshare.com/social-accounts
  • https://app.ayrshare.com/social-accounts
Without these, the OAuth flow will fail with a 403 Callback URL not approved error.
curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-d '{"domain": "ACME", "privateKey": "-----BEGIN RSA PRIVATE KEY...", "profileKey": "PROFILE_KEY"}' \
-X POST https://api.ayrshare.com/api/profiles/generateJWT

{
    "status": "success",
    "title": "User Profile Title",
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E"
    "url": "https://profile.ayrshare.com?domain=PROVIDED_DOMAIN&jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E",
    "emailSent": true,    
    "expiresIn": "30m"    
}