image for site

Steps to Take if JWT Token is Compromised

Learn what to do if your JWT token is compromised, including resetting the shared secret and revoking existing tokens.

What should I do if my JWT token is compromised?

If your JWT token is compromised, you should reset your shared secret and revoke all existing tokens.

Resetting the shared secret will invalidate the access of anyone who had previously authenticated, preventing them from viewing restricted content until a new valid token is issued. This ensures that your restricted content remains secure and only accessible to authorized users.


More related questions

How can I configure Web Widget (Classic) to show restricted help center content?

To show restricted help center content in Web Widget (Classic), you need to configure your widget settings and add code snippets to your website. First, ensure your help center security settings are correct by enabling or disabling the 'Require…

What are the security settings for displaying restricted content in Web Widget (Classic)?

The security settings for displaying restricted content in Web Widget (Classic) depend on your help center type. For a public help center, do not enable 'Require sign in'. For a restricted help center, enable 'Require sign in'. If your help center…

Do I need single sign-on (SSO) for Web Widget (Classic) restricted content?

You don't need single sign-on (SSO) to use restricted content in Web Widget (Classic), but it can enhance the user experience. SSO provides a seamless experience for users who want to view original articles from the Web Widget. However, even…

How do I generate a JWT token for Web Widget (Classic)?

Generating a JWT token for Web Widget (Classic) involves creating a server-side payload with specific information. The payload should include the customer's name, email, current timestamp (iat), and a unique identifier (jti). Specify HS256 as the…

Can I test Web Widget (Classic) restricted content on localhost?

Yes, you can test Web Widget (Classic) restricted content on localhost by adding it to the allowlist. Specify 'localhost' or '127.0.0.1' as a valid domain in the allowlist to test in your development environment. This setup should allow you to view…

Interested indeflectingover 70% of your Zendesk support tickets?

Our AI customer support agent is here to help. Trained on all your help docs, installed directly into your Zendesk account, it can be used to automate customer replies for tickets or live chat. Learn more below.
Zendesk logo

Zendesk Support Tickets

Receive new tickets by email or a support form? This integration is for you.
My AskAI integrated within Zendesk to deflect support tickets
Learn about our Zendesk ticket integration
Zendesk logo

Zendesk Messaging (live chat)

Using Zendesk's Messaging widget on your site for live chat? This integration is for you.
My AskAI integrated within Zendesk to deflect customer support live chat conversations
Learn about our Zendesk Messaging integration

Join1,000+ companies reducing their support costs and freeing up support agents for more important work

Vestd company logo — Customer of My AskAI's AI customer support agents
Genesis company logo — Customer of My AskAI's AI customer support agents
Zinc company logo — Customer of My AskAI's AI customer support agents
Customer.io company logo — Customer of My AskAI's AI customer support agents
Zeffy company logo — Customer of My AskAI's AI customer support agents
NHS company logo — Customer of My AskAI's AI customer support agents
Kontakt.io company logo — Customer of My AskAI's AI customer support agents

Reduce support costs.Spend more time on customer success.

Our AI customer support agents are already used by 👇
Companies using AI assistants on their websites