JWT Token Generation

I am having trouble successfully generating a JWT token. I suspect it’s the way that I’m converting the admin secret key. I’ve tried decoding the key in a number of different conversions (binary, binary byte array, etc.) and I can’t get anything to work. Example screenshot of most recent attempt:

No matter what I try, the generated token returns this error when I try to load it in an API call:

message: Invalid token: invalid signature,
context: null,
type: UnauthorizedError,
details: null,
property: null,
help: null,
id: 2b86b3d0-684e-11ee-b6af-0197ef128098,
ghostErrorCode: null

Any suggestions as to what I may be doing wrong?


Can you share a bit more about the context in which you’re creating it?


Sure thing, Ryan. I’m ultimately trying to create an API call using Xano. I have a function set up that generates a token using the Ghost admin API documentation within the Xano interface.

However, since I’ve been continually getting that invalid signature response no matter how I tweak the function, I am now using JWT Debugger to manually try to create a token. That’s the first screenshot above - I manually entered the Header, Payload, and Signing Key (Ghost Admin Key in byte binary array) and then copy the JWT string that is created and pass it along in a test API call using Xano.

The goal of using JWT Debugger is just so that I can understand what component of the token my Xano function isn’t delivering correctly. Ultimately I will be generating it within that function in production, but since it’s not working I need to figure out what part is wrong.

If it’s helpful, here’s a screenshot of the API request that is returning the invalid signature error. I’m just copying the generated JWT token from JWT Debugger into the token that is passed in this header:

I’m guessing there’s something going awry with your JWT token generation as you suspect.

To eliminate as many variables as possible, are you able to try making an API call with Node using our SDK? If that works, then you can know that the environment is the issue here (Xano) — I’ve seen instances where some environments generate JWTs differently, which causes this error (e.g., in Google Scripts).