@duypnguyen ah! I realised my error, after reading the security overview the error made more sense. It looks like I have created an SPA rather than a headless app. So that's why the JWT was failing. Need to work out how to create a headless app instead. Thanks for the help and the patience

@duypnguyen thanks. What would I put in the manifest instead of `require-adobe-auth` when I want to authenticate with a JWT? Thanks

If I want to use a JWT for an action should I have require-adobe-auth: true in the manifest.yml? Also, is there a reference of what the options and properties are for that file? I'm finding it hard to discover what can go in there. Thanks

@duypnguyen ah, that's really good to know, thanks!

Yeah, I thought about that too but like you said, it's not secure. I think it will be easier for me to use a proxy. I can authenticate the webhook to our own service and then use our existing service to get the bearer token with the JWT before calling it. Thanks

Ah, I had read about that but was hoping for a more passive way of authenticating the call. I think what I'll have to do is to run the webhook to another service (something we already do) and then authenticate my own service and use that to call the Firefly action. Thanks I'll explore this as a poss...

I have been asked to explore Project Firefly and various uses of it and I'm struggling to understand how to authenticate this call. I'm only at the very beginning of exploration so I have probably missed something and was hoping someone could point me in the right direction.I have created a new gene...

https://www.adobe.io/apis/experienceplatform/events/docs.html#!adobedocs/adobeio-events/master/intro/webhook_docs_intro.md#authenticating-events At the bottom of this page there is a small example of "Javascrip(pseudo-code)" which is entirely unhelpful as it fails to explain the only part of the cod...