web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Using JWT Authenticati...
Small and medium business | Business Central, N...
Suggested Answer

Using JWT Authentication in Business Central

(5) ShareShare
ReportReport
Posted on by haryadihart 50
Hi All,
 
Do you guys have any reference on how to generate the signature for JWT authentication?
I want to integrate with other system that is using JWT authentication, but havent found out how to code in AL.
If manual, using jwt.io and using a postman, there is no problem.
 
 
Thanks
I have the same question (0)
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 100,811 Super User 2026 Season 1 on at
    Hi, sorry I haven't tested it, I hope the information below can give you some hints.
     
     
    Thanks.
    ZHU
  • Suggested answer
    Moisesito Profile Picture
    Moisesito 110 on at
    ​
    Hi, I too was stuck on this for a day, but figured it out
     
    I've attached the code to generate the token using the JWT Secret
     
    To generate the token you may need additional information in the PayloadJSONObject like 
    Issuer:
    Subject:
    JTI: <I'm assuming this is a user id or something similar>

        procedure CreateJWT(PayloadJsonInfo: JsonObject; SignKey: Text; ExpireInSeconds: Integer) JWTToken: Text;
        var
            CryptographyMgt: Codeunit "Cryptography Management";
            Base64Convert: Codeunit "Base64 Convert";
            Header, PayLoad, Signature, SignatureHashInput : Text;
            IssuedAtLbl: Label 'iat', Locked = true;
            ExpireLbl: Label 'exp', Locked = true;
            Algorithm: Text;
            HeaderJson: JsonObject;
            txtHeaderBuilder: TextBuilder;
            TxtBuilder: TextBuilder;
            HeaderAlgLbl: Label 'alg', Locked = true;
            HeaderTypLbl: Label 'typ', Locked = true;
            HashAlgorithmType: Option HMACMD5,HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512;
        begin
            Algorithm := 'HS256'; // Using HMAC SHA256
            // 1. Add timestamps to the payload
            PayloadJsonInfo.Add(IssuedAtLbl, Format(GetCurrentDateTimeAsUnixTimeStamp()));
            PayloadJsonInfo.Add(ExpireLbl, Format(GetCurrentDateTimeAsUnixTimeStamp() + (ExpireInSeconds * 1000)));

            // 2. Setup and encode the header
            HeaderJson.Add(HeaderAlgLbl, Algorithm);
            HeaderJson.Add(HeaderTypLbl, 'JWT');
            HeaderJson.WriteTo(Header);
            Header := Base64UrlEncode(Base64Convert.ToBase64Url(Header));
            // 3. Encode the payload
            PayloadJsonInfo.WriteTo(PayLoad);
            PayLoad := Base64UrlEncode(Base64Convert.ToBase64Url(PayLoad));
            // 4. Create the signature hash input (encoded header + "." + encoded payload)
            SignatureHashInput := Header + '.' + PayLoad;
            // 5. Generate the signature using the secret key and SHA256
            // Note: The key should be handled as SecretText in a production environment for security
            Signature := CryptographyMgt.GenerateBase64KeyedHashAsBase64String(SignatureHashInput, SignKey, HashAlgorithmType::HMACSHA256); // Using HMAC SHA256
            // 6. URL-safe Base64 encode the signature and combine for the final JWT
            Signature := Base64UrlEncode(Signature);
            JWTToken := SignatureHashInput + '.' + Signature;
        end;
        // Helper function to get current Unix timestamp
        local procedure GetCurrentDateTimeAsUnixTimeStamp(): BigInteger;
        var
            UnixtimeStamp: Codeunit "Unix Timestamp";
        begin
            exit(UnixtimeStamp.CreateTimestampMilliseconds((CreateDateTime(Today, Time))));
        end;
        // Helper function for URL-safe Base64 encoding (removes padding, replaces specific chars)
        local procedure Base64UrlEncode(Input: Text): Text;
        begin
            // Remove '=' padding and replace '+' with '-', '/' with '_'
            exit(Input.Replace('=', '').Replace('/', '_').Replace('+', '-'));
        end;
    I haven't done it using User Id and Password. I hope this helps.
    ​
  • Suggested answer
    OussamaSabbouh Profile Picture
    OussamaSabbouh 15,854 Super User 2026 Season 1 on at
    Hello,
     
    In AL you can generate JWTs yourself only for HS256 (shared secret) by base64-URL encoding the header and payload, signing header.payload with HMAC-SHA256, and base64-URL encoding the signature; this is fully doable using standard AL crypto helpers. If the API requires RS256/ES256 (private key), best practice is not to sign in BC SaaS—instead call a small external service (e.g., Azure Function with Key Vault) that returns a signed JWT, then use it in HttpClient. Check the alg on jwt.io to know which path applies.
     
    Regards,
    Oussama Sabbouh
  • Suggested answer
    Khushbu Rajvi. Profile Picture
    Khushbu Rajvi. 22,415 Super User 2026 Season 1 on at
    Generate the JWT outside BC and then call the target system from BC using HttpClient with the Bearer token.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 2,034 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,199 Super User 2026 Season 1

#3
AndrewThomas81 Profile Picture

AndrewThomas81 1,080

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans