Configuring JWT authentication between applications

JSON web token (JWT) authentication is used for Journey Designer+Campaign. JWT authentication allows single sign-on between applications.

About this task

A request that comes from a calling application contains the JWT token. Marketing Platform validates the request by calling the public key service (PKS). After the JWT token is validated, the request is authenticated and allowed.

This procedure applies only when the FixPack is applied. In version, JWT authentication does not use PKS.

Use this procedure to import certificates and set configuration properties to enable JWT authentication.


  1. Retrieve the certificate from the public key service (PKS) site.
  2. Use the Java keytool to import the certificate into the application server JVM. If your applications are running on different JVMs, import the certificate on each application server JVM.

    For example,

    /keytool -import -file PKS_Certificate.cer -alias PKS_alias -keystore AppServer_JRE_home/lib/security/cacerts

    Provide a password. The default keytool password is changeit.

  3. Set JWT configuration properties on the Settings > Configuration page under HCL Marketing Platform | Security | JWT authentication.