Authentication
Token lifecycle management and security best practices
The Oobit Widget uses JWT tokens for authentication. This guide explains how tokens work and best practices for managing them in your application.
How Authentication Works
- Your mobile app requests a token from your backend
- Your backend calls the Create Token API with your API credentials
- Oobit returns a JWT token
- Your backend forwards the token to your mobile app
- Your app initializes the WidgetSDK with the token
Important: Token generation must happen on your server to keep your API credentials secure. Never expose your API key in client-side code.
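The flow above, sketched as a backend token broker in Node.js. This is an added example, not Oobit's code: `makeTokenBroker`, `issueToken`, `isTokenUsable`, the `session` shape and the injected `createToken` wrapper (including its arguments) are assumptions, and the 60-minute TTL is the one stated in this guide.

```javascript
// Added example: a backend token broker. All names here are hypothetical.
const TOKEN_TTL_MS = 60 * 60 * 1000; // 60-minute TTL stated in this guide

// createToken is an injected wrapper around the Create Token API call.
// Assumption: it takes the API key and a user id and resolves to a JWT string.
function makeTokenBroker({ apiKey, createToken, now = Date.now }) {
  if (!apiKey) throw new Error("API key must be configured on the server");
  return async function issueToken(session) {
    // Only issue tokens to users your own backend has already authenticated.
    if (!session || !session.userId) {
      return { status: 401, body: { error: "not authenticated" } };
    }
    const issuedAt = now();
    let token;
    try {
      token = await createToken(apiKey, session.userId);
    } catch (err) {
      // Return a generic error; upstream messages may include credential details.
      return { status: 502, body: { error: "token service unavailable" } };
    }
    // The response carries the token and its expiry, never the API key.
    return { status: 200, body: { token, expiresAt: issuedAt + TOKEN_TTL_MS } };
  };
}

// App-side check: is the token still inside its lifetime, with a safety margin
// so the widget is not opened with a token that is about to lapse?
function isTokenUsable(expiresAt, now = Date.now(), skewMs = 60 * 1000) {
  return typeof expiresAt === "number" && now + skewMs < expiresAt;
}

// Constructed demo: a stub stands in for the real Create Token API call.
const demoBroker = makeTokenBroker({
  apiKey: "constructed-server-side-key",
  createToken: async (_key, userId) => `constructed.jwt.${userId}`,
});
demoBroker({ userId: "user-42" }).then((res) => {
  console.log(res.status, isTokenUsable(res.body.expiresAt));
});
```

Measuring `expiresAt` from just before the upstream call means the app's view of the expiry is never later than the real one.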
Token Expiration
The token's TTL is 60 minutes. When the token expires, the widget shows a 'Session Expired' modal with a button to return to the app.
See Also
- Create Token API - API reference for token generation
