Enhanced REST API Security with miniOrange's JWT Validation Solution

miniOrange x BNY Mellon

Use Case: The access token obtained from a third-party provider is converted into a JWT by BNY Mellon's internal API Gateway, and that JWT is then used to authenticate to the Jira REST API.

BNY Mellon sought assistance from miniOrange to validate their custom JWTs against the public key of a pre-configured certificate. The token starts life as an access token issued by a third-party provider and is re-issued in JWT format by BNY Mellon's internal API Gateway. The payload also carries a specific attribute that holds either a username or an email address, possibly with a prefix that has to be removed before the user can be matched.

Solution We Provided

Jira REST API calls are authenticated with the JWT through the miniOrange REST API plugin. On each request the plugin validates the JWT against the pre-configured public certificate and allows the call only if the token is valid. The request then runs as the Jira user associated with the username extracted from the token.

How the Solution Works

  • The JWT issued by the API Gateway from the third-party access token is sent in the Authorization header of the REST API request.
  • The miniOrange REST API plugin splits the token into its three base64url-encoded segments and decodes the header and payload. Decoding needs no key; it is the signature check that uses the certificate.
  • The plugin takes the signature from the third segment and checks the algorithm named in the header. For a public-certificate setup this must be an asymmetric algorithm such as RS256, and a verifier should compare the header's alg value with the one it expects rather than let the token choose.
  • The plugin then hashes the signing input (encoded header, a dot, encoded payload) and verifies the signature against that hash with the public key from the configured certificate.
  • If the signature is valid and the token has not expired (its exp claim is still in the future), the JWT is accepted and the Jira API request proceeds.
  • The plugin then reads the username from the configured attribute and strips any configured prefix, so that what remains is a bare Jira username or email address.
  • Once a Jira user with that username or email is found, the request is authenticated as that user.
  • If the JWT is invalid, whether because the signature does not verify or the token has expired, the API call is rejected.
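The whole flow end to end, as an added example: this is not the miniOrange plugin's code (a Java add-on for Jira) but a stand-alone Go program using only the standard library. It assumes RS256, a claim named preferred_username as the configured attribute, a prefix of CORP\ and a freshly generated key pair standing in for the gateway's signing key and the public key the plugin would read out of the uploaded certificate; all of these are choices made for the example, not details from the case study. Beyond the steps listed above it also pins the algorithm, so a token whose header asks for none or HS256 is rejected before any signature check runs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// claims is the payload layout assumed for this example; "preferred_username"
// stands in for the configured attribute carrying the (possibly prefixed) user.
type claims struct {
	PreferredUsername string `json:"preferred_username"`
	Exp               int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// signRS256 plays the gateway: RSA PKCS#1 v1.5 over the SHA-256 of
// "base64url(header).base64url(payload)", which is what RS256 means.
func signRS256(key *rsa.PrivateKey, c claims) (string, error) {
	body, _ := json.Marshal(c)
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyRS256 plays the plugin. pub is the key the plugin would read out of
// the uploaded certificate (x509.ParseCertificate, then cert.PublicKey). The
// header's alg is compared with the configured RS256, never obeyed, so
// "alg":"none" and HMAC-with-the-public-key tokens fail before any crypto runs;
// the payload is parsed only after the signature checks out.
func verifyRS256(token string, pub *rsa.PublicKey, now time.Time) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdr, errH := b64.DecodeString(parts[0])
	body, errB := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errB != nil || errS != nil {
		return nil, errors.New("malformed base64url segment")
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(hdr, &h) != nil || h.Alg != "RS256" {
		return nil, fmt.Errorf("header rejected: alg %q is not RS256", h.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("invalid signature")
	}
	var c claims
	if json.Unmarshal(body, &c) != nil || c.Exp == 0 {
		return nil, errors.New("payload rejected: unparsable or missing exp")
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// resolveUser strips the configured prefix (the `CORP\` value is an
// assumption) so the Jira lookup uses the bare username or email.
func resolveUser(c *claims, prefix string) string {
	return strings.TrimPrefix(c.PreferredUsername, prefix)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the gateway's key pair
	if err != nil {
		panic(err)
	}
	tok, _ := signRS256(key, claims{PreferredUsername: `CORP\alice@example.com`, Exp: time.Now().Add(5 * time.Minute).Unix()})
	c, err := verifyRS256(tok, &key.PublicKey, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("authenticated as", resolveUser(c, `CORP\`))
}
```

Two design points matter in practice. The payload is only unmarshalled after the signature verifies, so nothing read from it (the username, exp) is ever trusted before the certificate has vouched for it. And the prefix is removed after verification rather than by configuring the gateway to omit it, which keeps the token identical to what the gateway already issues; the prefix value should be an explicit plugin setting, not a guess made from the string.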


Key Benefits of the Solution

  • Enhanced security – a token is accepted only if its signature verifies under the public key of the configured certificate and it has not expired, so forged, tampered or stale tokens are rejected before they reach Jira.
  • Compliance – the solution meets BNY Mellon's requirements for token format, certificate-based validation and username resolution, so it operates within the parameters they specified.
  • Seamless integration – the plugin slots into the existing gateway-to-Jira workflow, reducing disruption and keeping day-to-day operation smooth.

Your needs, Our solution:

Enhance your security measures with the same solutions trusted by BNY Mellon! If you have any questions about our REST API Plugin, reach out now! Contact us at info@xecurify.com or call +1 978 658 9387 for personalized assistance.