Once you have implemented the JWT SSO logic in your backend, test the integration before going live. These tests simulate how your backend communicates with the Document360 identity server to retrieve a one-time authorization code.
Test using cURL
Run a command-line request to verify your client credentials and payload are accepted by the Document360 identity server.
Jump to cURL →Test using Postman
Send a manual POST request in Postman to confirm a one-time authorization code is generated successfully.
Jump to Postman →Test using cURL
To test the JWT configuration using cURL, the HTTP version must be specified as HTTP/2 over TLS with the SSL version set to TLS 1.2. Without this, the cURL request will fail.
curl -X POST https://identity.document360.io/api/jwt/generate-code \
-H "Authorization: Basic BASE64_ENCODED_CLIENTID:CLIENTSECRET" \
-H "Content-Type: application/json" \
--http2-prior-knowledge \
--tls-max 1.2 \
-d '{
"username": "john.doe",
"firstName": "John",
"lastName": "Doe",
"emailId": "john.doe@example.com",
"readerGroupIds": ["group1", "group2"],
"tokenValidity": 15
}'
Replace the encoded authorization string and payload fields with your actual client credentials and user information from your system.
Readers do not need a separate account on Document360. An account on the client application is sufficient to access the knowledge base.
If the configuration is correct, you will receive a 200 OK response containing a one-time code. Use this code to redirect the reader to the knowledge base site and complete the SSO login flow.
Test using Postman
You can test your JWT SSO configuration using Postman by manually sending a request to the Code generation URL. This lets you verify that your client credentials and payload are accepted and that a one-time authorization code is generated successfully.
- Open Postman and create a new request. Set the request method to POST and enter the Code generation URL from the JWT configuration page in the URL field:
https://identity.document360.io/api/jwt/generate-code
- Go to the Authorization tab.
- Set the Type to
Basic Auth. - In the Username field, enter your Client ID.
- In the Password field, enter your Client Secret.
- Navigate to the Body tab.
- Select the raw option and set the format to JSON.
- Enter the required JSON payload:
{
"username": "john.doe",
"firstName": "John",
"lastName": "Doe",
"emailId": "john.doe@example.com",
"readerGroupIds": ["group1", "group2"],
"tokenValidity": 15
}
- Click Send to submit the request.
If the configuration is correct, you will receive a 200 OK response with a one-time code. You can then use this code to redirect the reader to the knowledge base site and complete the SSO login flow.
Best practices
- Always use your actual credentials when testing. Replace the placeholder Client ID, Client Secret, and payload values with real values from your JWT configuration page in Document360. Tests using placeholder values will not produce a valid authorization code.
- Set TLS 1.2 explicitly in cURL. HTTP/2 over TLS with TLS 1.2 is required. Omitting the
--http2-prior-knowledgeand--tls-max 1.2flags will cause the request to fail. - Use the authorization code immediately after receiving it. The code returned by the identity server is single-use and cannot be reused. If the redirect to the knowledge base is not completed in time, a new code must be requested.
- Test with a real user account from your application. Readers do not need a separate Document360 account. Use an account that exists in your client application to accurately simulate the reader login flow.
- Copy the Code generation URL directly from Document360. Use the exact URL shown in the JWT configuration page rather than constructing it manually, to avoid endpoint errors.