Skip to main content
Once a user is signed in, you can request a Para JWT token. This token will provide attestations for the user’s ID, their identity, any wallets they have provisioned via your application, and any connected wallets in their current session.

Requesting a JWT Token

import { ParaMobile } from "@getpara/react-native-wallet";

const para = new ParaMobile("your-api-key");

const { token, keyId } = await para.issueJwt();

Hook Reference

The token’s expiry will be determined by your customized session length, or else will default to 30 minutes. Issuing a token, like most authenticated API operations, will also renew and extend the session for that duration.
The token’s aud field will be set to your API key’s unique ID, linking it specifically to your application.

Token Structure

Depending on the user in question, a decoded token payload might resemble the following: 
{
  "data": {
    "userId": "d5358219-38d3-4650-91a8-e338131d1c5e",
    "wallets": [
      {
        "id": "de4034f1-6b0f-4a98-87a5-e459db4d3a03",
        "type": "EVM",
        "address": "0x9dd3824f045c77bc369485e8f1dd6b452b6be617",
        "publicKey": "0x0465434f76c8321f386856c44e735fd365a09d42c1da03489184b651c2052ea1c7b19c54722ed828458c1d271cc590b0818d8c7df423f71e92683f9e819095a8c6"
      },
      {
        "id": "d70f64e4-266a-457e-9cea-eeb42341a975",
        "type": "SOLANA",
        "address": "EEp7DbBu5yvgf7Pr9W17cATPjCqUxY8K8R3dFbg53a3W",
        "publicKey": ""
      }
    ],
    "connectedWallets": [
      {
        "id": "de4034f1-6b0f-4a98-87a5-e459db4d3a03",
        "type": "EVM",
        "address": "0x9dd3824f045c77bc369485e8f1dd6b452b6be617",
        "publicKey": "0x0465434f76c8321f386856c44e735fd365a09d42c1da03489184b651c2052ea1c7b19c54722ed828458c1d271cc590b0818d8c7df423f71e92683f9e819095a8c6"
      },
      {
        "id": "d70f64e4-266a-457e-9cea-eeb42341a975",
        "type": "SOLANA",
        "address": "EEp7DbBu5yvgf7Pr9W17cATPjCqUxY8K8R3dFbg53a3W",
        "publicKey": ""
      }
    ],
    "email": "email@example.com",
    "authType": "email",
    "identifier": "email@example.com",
    "oAuthMethod": "google" // or: undefined | "x" | "discord" | "facebook" | "apple"
  },
  "iat": 1745877709,
  "exp": 1745879509,
  "aud": "a31b8f2e-7c6d-4e5a-9f8b-1d2c3a4b5e6f",
  "sub": "d5358219-38d3-4650-91a8-e338131d1c5e"
}

JWKS Verification

Para’s JSON Web Keys Set (JWKS) file(s) are available at the following URLs:
EnvironmentJWKS URL
SANDBOXhttps://api.sandbox.getpara.com/.well-known/jwks.json
BETAhttps://api.beta.getpara.com/.well-known/jwks.json
PRODhttps://api.getpara.com/.well-known/jwks.json

Best Practices

  • Session Verification: For security-critical operations, verify JWT tokens on both client and server sides
  • Token Expiry: Be aware that tokens expire based on your session configuration and plan accordingly
  • Secure Storage: Never store JWT tokens in insecure locations for sensitive applications