Authentication Using a JWT Token

In order to call a WFH API endpoint you need a valid JWT token.

JWT stands for JSON Web Token which is JSON-based security token encoding that enables identity and security information to be shared across domains.

The standard workflow of the OAuth 2.0 JWT Bearer Token Flow is as follows:

  1. The originating JWT created is posted to Swipeclock’s OAuth token endpoint.
  2. Swipeclock’s OAuth token end point validates the content and signature of the originating JWT token.
  3. Assuming the posted originating JWT token is valid and from an approved integration partner, an access token is issued.

The issued access token includes an expiration date and is valid for subsequent calls to other Swipeclock API endpoints.

This section will provide basic steps and sample .Net example code for generating a JWT token to access the WFH API. It is not intended to be a full description of the JWT process. For full information, recommended third-party libraries, and example source code in other languages, please go to