Creates a JSON Web Token (JWT) for a JSON payload.

JWTs offer a method of securely transmitting information between parties as a JSON object. The information is digitally signed using cryptographic algorithms. Because the JWT is signed, parties that receive a JWT can be assured that the data wasn’t tampered with in transit.

We recommend that you use the companion function GetJWTByKeyName() instead of GetJWT(). The difference between GetJWTByKeyName() and GetJWT() is the first parameter. In the GetJWT() function, you pass your secret as the first parameter in plain text. With GetJWTByKeyName(), you pass a reference to a key that’s stored using the Key Management feature of Marketing Cloud Engagement. With Key Management, you can also control which users have access to your keys. These factors make the GetJWTByKeyName() function more secure for most use cases.

The GetJWT() function uses this syntax: GetJWT({secret}, {algorithm}, {jsonPayload})

The function has the parameters listed in this table.

secretStringRequired. A secret used to sign the JWT.
algorithmStringRequired. The hash algorithm to use to encode the JWT. Possible values:
  • HS256—HMAC secret with SHA-256 hash
  • HS384—HMAC secret with SHA-384 hash
  • HS512—HMAC secret with SHA-512 hash
jsonPayloadStringRequired. The payload of the JWT. Typically, the payload is a JSON object with name-value pairs. The JWT payload isn’t encrypted.

To use the function, provide a signing secret, and specify the encoding algorithm. Finally, provide the payload that you want to encode.

The function outputs a JWT.

If the syntax for the function is invalid, the function returns an InvalidFunctionException error. If the function call is invalid—for example, if it has an invalid parameter value—it returns a FunctionExecutionException error.