Authrator supports three authentication modes to fit any API workflow
No Auth
Use this mode when your endpoint does not require authentication. All requests are sent without an Authorization header.
Config JWT
Fully customizable JSON Web Token (JWT) generation for traditional or custom workflows:
- Custom Payload Builder: Add, edit, or remove arbitrary key–value claims in a clean form interface.
- Algorithm Selection: Choose from HMAC (HS256/384/512) or RSA/ECDSA (RS256/384/512, ES256/384/512) signing algorithms via a dropdown.
- Private Key Upload: Securely upload your PEM‑formatted private key for asymmetric signing.
- Generate Now: Click Generate Now to create and validate the JWT; on success, the token is injected into the Authorization: Bearer header.
AVQ JWT
Pre‑configured for Avaloq ecosystem compliance, with flexibility for custom extensions:
- Predefined Claims: Core Avaloq/AVQ JWT payload (e.g., sub, avq_bu, iat, exp) is presented automatically.
- Additional Fields: Add extra key–value pairs alongside the predefined claims to meet your application’s requirements.
- Algorithm & Key: Select an RSA/ECDSA algorithm and upload the matching private key to sign tokens correctly.
- Generate Now: Click Generate Now to produce a compliant AVQ JWT and include it in the Authorization: Bearer header.
Switch between modes seamlessly in the Auth tab of the Request Builder. Every time you generate a token, Authrator performs a signature validation and alerts you to any issues before sending the request.
