Token Metadata
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

This page explains the structure and lifecycle of JWT tokens generated by CONNECT Authenticate.

Response Structure

The authentication response contains a single field:

Field	Type	Description
token	string	The JWT Bearer token - a cryptographically signed string containing authentication claims. Valid for 1 hour.

Example Response:

{
  "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Im…hPeGE7Ak8YtKFbA"
}

JWT Token Structure

The JWT token is composed of three parts separated by dots (.):

{header}.{payload}.{signature}

Header - Contains metadata about the token type and signing algorithm
Payload - Contains the claims (user information, scopes, expiration, etc.)
Signature - Cryptographic signature ensuring token integrity

Example JWT token structure:

eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ3RTRBNzMxRjMyQjYwQzM4QTQxMkREMUVCNEJBOTg4IiwidHlwIjoiYXQrand0In0
.
eyJpc3MiOiJodHRwczovL3NlLXdlYnNlcnZpY2UuYXBwcy5jcmVkaXRzYWZlLmNvbS8iLCJuYmYiOjE3MzA5NzMyNzksImlhdCI6MTczMDk3MzI3OSwiZXhwIjoxNzMwOTc2ODc5LCJhdWQiOiJDcmVkaXRzYWZlU3dlZGlzaEFQSSIsInNjb3BlIjpbImRhdGFjaGVjayIsImNvbXBhbnlnZXRkYXRhIl0sImNsaWVudF9pZCI6InlvdXItdXNlcm5hbWUiLCJqdGkiOiI4RTdBNDk2QTZFQkZCQzQ2OTY0QzRDQTgyMzM3QkU5NiJ9
.
signature_hash

Token Handling

While JWT tokens can be decoded to inspect their payload, you should never attempt to manually verify or modify tokens. Always treat tokens as opaque strings and rely on Creditsafe's services to validate them.

Token Lifecycle

Understanding the token lifecycle is critical for proper implementation:

Validity Period: 1 hour from generation
Concurrent Tokens: Multiple valid tokens can exist simultaneously
Cross-Service Usage: Same token works for all Sweden REST APIs
Expiration Handling: Service calls return 403 when token expires

Token Lifecycle Diagram

Diagram summary (accessibility): A token is generated via POST to the authenticate endpoint. It remains valid for one hour. On each use, if the token is still valid it is used in API calls and the service returns a response; if the token has expired, a 403 error is returned and a new token must be requested.

Token Refresh Best Practices

Recommended Approach

Proactive Refresh Strategy:

Track when the token was generated
Set a refresh timer for 55 minutes after generation
Request a new token before the current one expires
This ensures uninterrupted service access

Generating new tokens too frequently (e.g., every few minutes) can degrade performance.

Alternative Approach:

Catch 403 Token Expired responses
Refresh the token reactively
Retry the failed request with the new token

Cross-API Token Usage

One Token for All Services

The same authentication token can be used across all Creditsafe Sweden REST APIs:

GetDataUnits REST
DateCheck Consumer REST
DateCheck Company REST
GetSignatory v2 REST
GetData REST
SPAR Consumer search v2 REST

You do not need to authenticate separately for each API.

Security Considerations

Token Storage:

Store tokens securely in memory or secure storage
Never log tokens in plain text
Never commit tokens to version control
Use environment variables or secure vaults for credential management

Token Transmission:

Always use HTTPS when transmitting tokens
Include tokens only in the Authorization header
Never pass tokens in URL parameters or query strings

Token Rotation:

Implement automatic token refresh before expiration
Invalidate old tokens once new ones are acquired (optional)
Monitor for authentication failures and implement retry logic

Token MetadataCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from Claude