Cisco SD-WAN Manager JWT Based Authentication for APIs

Table 1. Feature History
Feature Name	Release Information	Description
Cisco SD-WAN Manager JWT Based Authentication for APIs	Cisco Catalyst SD-WAN Manager Release 20.18.1	This feature supports Java Web Token (JWT) based authentication, enabling external applications to access Cisco SD-WAN Manager functionalities. API tokens can be generated within the Cisco SD-WAN Manager and shared with these applications, allowing them to access Cisco SD-WAN Manager through JWT authorization.

Information about Java Web Token Based Authentication

Starting from Cisco Catalyst SD-WAN Manager Release 20.18.1, users can generate API tokens in the form of Java Web Tokens (JWT) within Cisco SD-WAN Manager. These JWT API tokens enable external applications to authenticate and access data based on the user's roles and permissions within the Cisco SD-WAN Manager. Users can generate a JWT that corresponds to their specific permissions, ensuring that external applications can only access authorized data in Cisco SD-WAN Manager.

Token Management

Users can generate, copy, download, and delete JWTs within Cisco SD-WAN Manager. Only one active token is allowed per account, and each token automatically expires after approximately ten years.

Role-Based Access

JWT adhere to the user's role, providing access only to the APIs that the user is authorized to use. For example, a user with access only to configuration groups will have a JWT that grants API access solely to those groups.

Authenticate Using JWT

Here's a workflow illustrating how JWT facilitate secure interaction between Cisco SD-WAN Manager and an external third-party application.