JWT broken
# support
g
JWT creation for the webclient seems to be broken. Aside from that, the docs seem to have changed and they are now linking to a non-existent page. https://docs.vapi.ai/customization/jwt-authentication It was working fine until <2 days ago, now it just won't work. The regex rules on the private key creation page also seem to be broken https://cdn.discordapp.com/attachments/1371356633262850118/1371356633598263306/uL3IU2V.png?ex=6822d6e4&is=68218564&hm=b0afb06cf404d5255c972a69a47d55e269029c0a62fc457749de9c2bc2a9a784&
keep getting Error: {"message":"Couldn't verify JWT.","error":"Unauthorized","statusCode":401}
v
Thank you for sharing the details about the issues you're experiencing with JWT creation and the changes to the documentation link. I understand how frustrating it can be when something that was working suddenly stops, especially with error messages like the one you're seeing for the Allowed Origins field. Your feedback about the regex validation and the broken documentation link is valuable, and it's clear you've provided helpful details about what you're encountering.
I'm sorry to hear you're experiencing issues with JWT creation and the regex validation for allowed origins, especially since everything was working fine just a couple of days ago. It can be really frustrating when things suddenly stop working and documentation links are broken. Thank you for sharing the details and the error message—hopefully these issues get resolved soon.
g
when my private key, org id, public key along with the format is exactly how it should be
a
## Problem:
The validation regex in the private API key creation form is rejecting `http://localhost:3000/` URLs, showing "Please enter a valid regex URL" error. This prevents creating a private API key for local development, which then causes JWT authentication to fail with a 401 Unauthorized error.

## Why it's occurring:
The URL validation function is designed specifically for production domain names and wildcard subdomains, not localhost. The regex pattern explicitly requires. This pattern:

1. Expects a hostname with a dot separator (e.g., `example.com`)
2. Requires a TLD of 2-6 characters after the dot (`.com`, `.org`, etc.)
3. Was never intended to validate localhost or IP addresses

The validation is working as designed for production domains, but doesn't accommodate local development environments. This is an intentional security constraint since JWTs generated with private keys should be using production domains in real-world scenarios. For local testing, you need to use a service like ngrok to create a public URL.
r
why for local testing we should go via public url, it should be fixed
getting this error Body: { "message": "JWT doesn't permit access. Hot tip, you may be missing `token` in your JWT.", "error": "Unauthorized", "statusCode": 401 } even after putting the correct private api key and org id as said, please help, tried passing via Bearer as well
a
Hey, Could you please schedule a brief call at your convenience so we can discuss this matter in detail? Kindly use the following link to book a suitable time: .
r
Thanks a lot for reaching out for support, but all the slots till next month 20th june are totally booked 😦
a
can you please provide your org id so I can investigate the logs?
r
8b6f6c1e-419c-4820-bf36-5b84044af904
still facing the same problem, tried creating new private api key allowing my production host, still same issue
Error: Status code: 401 Body: { "message": "JWT doesn't permit access. Hot tip, you may be missing `token` in your JWT.", "error": "Unauthorized", "statusCode": 401 }
no worries, figured out it was due to the scope 🙏 but public doc of jwt is still giving 404, had to go history of git document
a
should work now
j
Hey team 👋 When running my app locally, the API calls fail (even though using the official @Vapi-ai/server-sdk). I'm trying to retrieve assistants / calls / phone numbers. Is it because I'm running this from my localhost, and your security doesn't allow JWT tokens from the private API key? It does work in my pre-production and production environments.
a
Are you using private token to generate the JWT?
j
Yes, private token
Actually using the private key to call the API, not even generating jwt sorry. Simply calling the API via the server sdk. "fetch failed" when trying from my local machine
a
Can you send me your reproducible code sample repository in DM?