{
  "kid": "<string>",
  "aud": "<string>",
  "iss": "<string>",
  "sub": "<string>",
  "sid": "<string>",
  "exp": 123,
  "iat": 123,
  "environment_id": "<string>",
  "last_verified_credential_id": "<string>",
  "member_environment_ids": [
    "95b11417-f18f-457f-8804-68e361f9164f"
  ],
  "scope": "superuser marketing operations"
}
kid
string
required

Project environment JWT public key ID, used to verify the JWT using the JWKS endpoint

aud
string
required

Audience: this will be the origin header, pertaining to the client site

iss
string
required

Issuer: current backend api host + environment id

sub
string
required

Dynamic user ID

sid
string
required

Dynamic session ID

exp
number

Expiration timestamp

iat
number

Timestamp for when the JWT was issued

environment_id
string
required

Dynamic environment ID

last_verified_credential_id
string
required

ID of the most recently used verified credential. This would refer to a value in the verified credentials list in the corresponding SdkUser

member_environment_ids
string[]

This will be populated when environment_id is the Dynamic production environment ID. This is a list of environment IDs for which the subject user ID can make configuration and setup changes as an organization admin.

scope
string

A whitespace-separated list of permissions associated with the issued JWT. This conforms to the JWT standard for scope claims: https://datatracker.ietf.org/doc/html/rfc8693#section-4.2
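
The following is an added example, not code from Dynamic: a check of the claims described above on an already decoded payload, comparing aud, iss and environment_id against values from your own configuration and matching scope as exact tokens. It assumes the signature was already verified with the JWKS key selected by kid; validate_claims, parse_scope, the expected_* parameters and the sample values are hypothetical names and constructed data.

```python
import time

# Claims the schema above marks as required (all strings).
REQUIRED = ("kid", "aud", "iss", "sub", "sid", "environment_id",
            "last_verified_credential_id")

def _is_number(value):
    # bool is a subclass of int in Python; do not accept True/False as a timestamp.
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def parse_scope(scope):
    """Split the whitespace-separated scope claim into a set of exact tokens."""
    return set(scope.split()) if isinstance(scope, str) else set()

def validate_claims(claims, *, expected_origin, expected_issuer,
                    expected_environment_id, required_scopes=(),
                    now=None, leeway=30):
    """Return a list of problems; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = []
    for name in REQUIRED:
        if not isinstance(claims.get(name), str) or not claims[name]:
            problems.append(f"missing or non-string claim: {name}")
    if claims.get("aud") != expected_origin:
        problems.append("aud does not match this site's origin")
    if claims.get("iss") != expected_issuer:
        problems.append("iss does not match the expected issuer")
    if claims.get("environment_id") != expected_environment_id:
        problems.append("environment_id does not match this project")
    exp, iat = claims.get("exp"), claims.get("iat")
    # Policy choice of this example: exp is not marked required in the
    # schema, but a token without it is rejected here.
    if not _is_number(exp) or exp + leeway <= now:
        problems.append("exp is missing or in the past")
    if iat is not None and (not _is_number(iat) or iat - leeway > now):
        problems.append("iat is not a number or is in the future")
    missing = set(required_scopes) - parse_scope(claims.get("scope"))
    if missing:
        problems.append("missing scope(s): " + " ".join(sorted(missing)))
    return problems

# Constructed sample payload (placeholder values, not real identifiers).
SAMPLE = {
    "kid": "key-1", "aud": "https://app.example.com",
    "iss": "https://api.example.test/env-1234", "sub": "user-1",
    "sid": "session-1", "exp": 2000, "iat": 900,
    "environment_id": "env-1234", "last_verified_credential_id": "cred-1",
    "scope": "superuser marketing operations",
}
```

Scope is compared token by token, so a required scope of "super" is not satisfied by a token that only grants "superuser".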