Documentation Menu

How to Create NST Token v2


We have used JWT as NST in our API/app. JSON Web Token (JWT) is a JSON-based open standard for creating access tokens that assert some number of claims. 

For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. The tokens are signed by one party's private key (usually the server's), so that both parties (the other already being, by some suitable and trustworthy means, in possession of the corresponding public key) are able to verify that the token is legitimate. 

The tokens are designed to be compact, URL-safe and usable especially in web browser single sign-on (SSO) context. 

JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.


JWT relies on other JSON-based standards: JWS (JSON Web Signature) and JWE (JSON Web Encryption)

JWTs generally have three parts: a header, a payload, and a signature. 


nopStation includes JWT (JSON Web Token) security. You can enable JWT security from the admin panel. It will require an NST header for every API request. JWT payload (NST_KEY) contains the Token key which is encrypted by the HS512 algorithm against your signature/Token secret. By checking IAT (Issued at) you can set the validity of a JWT Token.


Admin Panel:

Set JWT Security, Token Key, Token Secret and IAT from https://[YOUR_DOMAIN]/Admin/WebApi/Configure


Manual (Postman)

Go to

Set Algorithm HS512

Add payload NST_KEY. Value will be the Token key from Web Api settings page.

Use Token secret as 512 bit secret  

***Developer has to change these two values by copy-pasting according to server value(NST_KEY and NST_SECRET).


File API.swift contains TokenKey and TokenSecret constants. Put the same value as on the admin panel.

    static let TokenKey = "[TOKEN_KEY]"

    static let TokenSecret = "[TOKEN_SECRET]"



Put the NST_KEY and NST_SECRET value in the file under the project directory.



***Developer has to change these two values by copy-pasting according to server values (NST_KEY and NST_SECRET).

Book a Meeting