Signed JWT

To obtain access tokens securely, signed JWT assertions are used in Talkdesk AppConnect™, ensuring client authentication without sending sensitive credentials.

JWT for Retrieving Access Tokens

To list an app on Talkdesk AppConnect™, you must take these security measures when retrieving an access token:

1 - The client authentication must be made using a signed JWT assertion (as per the private_key_jwt mechanism of OpenID Connect) to avoid sending credentials in the request body.

2 - To use this authentication mechanism, a JWT with information about the client has to be signed. The client_assertion_type parameter must be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer, and the JWT in the client_assertion parameter has to be provided.

3 - For each Talkdesk® account that installs a partner app, you get a private/public key pair, in addition to a client’s ID and secret. These credentials are used to create JWT tokens used to request an access token. The private key is provided to the customer in Base64-encoded PKCS#8 format.


The private key is not stored in Talkdesk systems. Talkdesk only stores the customer’s public key to validate the customer’s requests.


API Reference

Refresh Token - JWT

Refresh Token - Basic



If you have questions or technical issues, please open a ticket using this form.