Avatar

Employee

Hi @Urs_Boller, in that case you first need to remove the web-src/ folder to make your app headless instead of SPA, so that JWT token can be validated.

 

aio app delete web-assets

 

To test the token, you could retrieve it from I/O Console, under "Generate JWT token" in your project, and pass it in the request header to your action, e.g. `Authorization: Bearer ey1234567890....`.

To have the token generation in action code, you could leverage the Adobe IMS SDK . Please note that, it's better not to expose your action as a web action in this case, because then anyone can access your data. What would make sense for this authentication is a cron job which runs at interval to import data from Analytics, for example. You can use the Alarms package to set up this cron job.