NFC JWT Requirements

Last modified: 06.17.2025

Introduction to JWTs for NFC Authentication

JSON Web Tokens (JWTs), defined in the open standard RFC 7519, provide a compact and self-contained way to securely transmit information between parties as a JSON object. In the Schlage Mobile Credentials NFC functionality, the SDK uses JWTs for authentication and authorization.

The Schlage Mobile SDK requires two types of JWTs for proper authentication:

  1. ID Token - Used to verify the identity of the user
  2. Access Token - Used to authorize access to protected resources

This guide outlines the specific requirements for both token types when implementing NFC functionality with the Schlage Mobile SDK.

ID Token Requirements

The ID Token is used to authenticate the user's identity. It must contain specific claims to be valid for the Schlage Mobile SDK NFC implementation.

Non-Standard Required Claims

  • https://api.allegion.com/email - Custom claim that identifies the user
  • https://api.allegion.com/integrationId - Required if using the standard (non-extended) authentication request for the SDK. The value will be provided by your Allegion representative.
    (See: iOS Auth Request Docs | Android Auth Request Docs)

Field Descriptions

iss (Issuer): The issuer value must be supplied to Allegion during integration setup. This value will be used to validate tokens and must remain consistent.

aud (Audience): For ID tokens, this should be AllegionAccessHub. Note that while AllegionAccessHub is the recommended and standard value, the accepted audience can be flexible if required for specific integration needs.

https://api.allegion.com/email: This custom claim doesn't necessarily need to be an email address, but its value must align with the user ID used when making the Create Access Right API call. This ensures proper association between the token and the user's access rights.

Note that the example JWTs provided contain some common/standard claims for illustrative purposes.

ID Token Example

{
  "iss": "https://your-identity-provider.com",
  "sub": "user123",
  "aud": "AllegionAccessHub",
  "exp": 1718762864,
  "iat": 1718676464,
  "name": "John Doe",
  "email": "john.doe@example.com",
  "https://api.allegion.com/email": "john.doe@example.com",
  "https://api.allegion.com/integrationId": "your-integration-id"
}

Access Token Requirements

The Access Token is used to authorize the user to access specific resources. It contains permissions and scopes that determine what actions the user can perform.

Non-Standard Required Claims

  • https://api.allegion.com/email - Custom claim that identifies the user

Field Descriptions

iss (Issuer): The issuer value must be supplied to Allegion during integration setup. This value will be used to validate tokens and must remain consistent.

aud (Audience): Must be one of the following values depending on your desired vertical and environment:

  • Production: https://api.allegion.com/{your_vertical}, e.g.:
    • https://api.allegion.com/employeebadge
    • https://api.allegion.com/residentkey
    • https://api.allegion.com/studentid
  • Partner QA: https://api.allegion.com/{your_vertical}/partnerqa, e.g.:
    • https://api.allegion.com/employeebadge/partnerqa
    • https://api.allegion.com/residentkey/partnerqa
    • https://api.allegion.com/studentid/partnerqa

Note that the example JWTs provided contain some common/standard claims for illustrative purposes.

Access Token Example

{
  "iss": "https://your-identity-provider.com",
  "sub": "user123",
  "aud": "https://api.allegion.com/employeebadge/partnerqa",
  "exp": 1718762864,
  "iat": 1718676464,
  "https://api.allegion.com/email": "john.doe@example.com"
}

Implementation Considerations

When implementing JWT authentication for NFC functionality in the Schlage Mobile SDK:

  • Ensure all required fields are included in both token types
  • The https://api.allegion.com/email claim value must match the user ID used when calling the Create Access Right API — it does not need to be an email address.
  • Maintain proper token expiration and renewal processes
  • Store tokens securely within your application
  • Follow best practices for JWT implementation to prevent common security vulnerabilities
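
A pre-signing check of an ID/access claim-set pair against the requirements listed above, as an added example that is not part of the Schlage Mobile SDK or Allegion's own code; it inspects claims only and performs no signature verification. The function and parameter names are assumptions of this sketch, as is treating an ID-token audience other than AllegionAccessHub as a finding to confirm rather than an error.

```python
import time

EMAIL = "https://api.allegion.com/email"
INTEGRATION_ID = "https://api.allegion.com/integrationId"
ID_AUD = "AllegionAccessHub"  # recommended value per the page; others may be agreed
VERTICALS = ("employeebadge", "residentkey", "studentid")  # verticals named on the page


def access_audience(vertical, partner_qa):
    """Build the access-token audience for a vertical and environment."""
    if vertical not in VERTICALS:
        raise ValueError(f"unknown vertical: {vertical}")
    return f"https://api.allegion.com/{vertical}" + ("/partnerqa" if partner_qa else "")


def _aud_list(claims):
    aud = claims.get("aud") or []  # RFC 7519: a single string or an array of strings
    return [aud] if isinstance(aud, str) else list(aud)


def check_token_pair(id_claims, access_claims, *, issuer, user_id, vertical,
                     partner_qa, standard_auth_request=True, now=None):
    """Return a list of problems found in the two claim sets (empty if none)."""
    now = time.time() if now is None else now
    problems = []
    for name, claims in (("id", id_claims), ("access", access_claims)):
        if claims.get("iss") != issuer:
            problems.append(f"{name}: iss differs from the issuer registered with Allegion")
        if claims.get(EMAIL) != user_id:
            problems.append(f"{name}: {EMAIL} does not match the Create Access Right user ID")
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= now:
            problems.append(f"{name}: exp missing or already past")
    if ID_AUD not in _aud_list(id_claims):
        problems.append(f"id: aud is not {ID_AUD} (confirm any other value with Allegion)")
    if standard_auth_request and not id_claims.get(INTEGRATION_ID):
        problems.append(f"id: {INTEGRATION_ID} missing for the standard auth request")
    if access_audience(vertical, partner_qa) not in _aud_list(access_claims):
        problems.append("access: aud does not match the chosen vertical and environment")
    return problems


if __name__ == "__main__":
    # Constructed sample: the ID claim set deliberately omits integrationId.
    base = {"iss": "https://your-identity-provider.com", "exp": 1718762864, EMAIL: "user123"}
    id_c = {**base, "aud": ID_AUD}
    acc_c = {**base, "aud": access_audience("residentkey", True)}
    print(check_token_pair(id_c, acc_c, issuer=base["iss"], user_id="user123",
                           vertical="residentkey", partner_qa=True, now=1718676464))
```

Run it on the claim sets your identity provider is about to sign, passing the same user ID you send to the Create Access Right API call.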

For additional information or assistance with JWT implementation, please contact your Allegion Developer Success representative.