Set up a Token Signer

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Configure a token signer to enable secure JWT-based authentication for tokenizer service integration. This task involves creating an OAuth entity profile with JWT Bearer grant type, setting up OAuth credentials, and establishing a connection alias that links to your tokenizer service endpoint.

    Before you begin

    Role required: admin

    Complete set up for context-aware authorization in the tokenizer service. See Initial setup for Vault schema, Connections and Service Account for Card data security (KB2830577) for more information.

    Perform the following set up tasks for the token signer:
    Note:
    Ensure you are using the Token Signing credentials JSON file from the tokenizer service when performing the above set up tasks.

    Procedure

    1. Navigate to All > oauth_entity_profile.do.
    2. Enter the following field values.
      FieldValue
      Grant type JWT Bearer
      OAuth provider <The OAuth provider for the client bearer token>
      JWT Provider <The Token Signing JWT Provider created from the task Set up a JWT Provider>
    3. Select Submit.
    4. In the OAuth Entity Profiles list, verify Is default is set to false.
    5. Set up an OAuth Credential.
      In the OAuth entity profile field, select the OAuth entity profile created earlier in this procedure.
    6. Navigate to All > Integration Hub > Connections & Credentials > Connection & Credential Aliases.
    7. Select the CardDataSecurity.DataTokenSigner record.
    8. In the Connections related list, select New.
    9. Enter the following field values.
      FieldValue
      Name <Name of the HTTP(s) connection>
      Connection URL <The tokenizer service endpoint URL i.e. the tokenURI value from the token signing credentials JSON file>
      Credential <The OAuth Credential created earlier in this procedure>
      Connection alias sn_data_sec.CardDataSecurity_DataTokenSigner
      vault_id Attribute <The vault ID of the tokenizer service data vault>

    Result

    The token signing JWT Provider is configured.