Getting started
Requests authentication with JWT

JWT Authentication

When you're Paid Tier DRPC user and have enabled JSON web token in your key settings, JWTs are used as addiitonal layer of security to authenticate your requests.

How to use JWTs

Step 1: Generate Public/Private Key Pair

## RS256
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pembas
## ES256
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
openssl ec -in private.pem -pubout -out public.pembash
  • Generate a fingerprint of your public key for verification
Make sure your private key stays private

Step 2: Configure JWT in the DRPC dashboard

1). Enable JWT in your key settings:

  • Log into the DRPC dashboard.
  • Navigate to the Key settings page and enable JSON web token section.

Enable JWT Authentication

2). Upload Public Key:

  • Upload your public key.

Adding public key

3). Verify Fingerprint:

  • DRPC generates a Fingerprint for the public key.
  • Ensure this Fingerprint matches the one from your public key, confirming the key's integrity and authenticity.

Added public key

Step 3: Set Up JWT Authentication Server

  • Implement a server (e.g., using Express.js) to generate JWTs using the private key and provide clients with an endpoint to fetch JWTs.
const fs = require("fs");
const jwt = require("jsonwebtoken");
// The fingerprint/id value of the public key that was uploaded to DRPC
function generateJWT() {
// Read the private key from our 'private.pem' file
const privateKey = fs.readFileSync("../private.pem");
    const signOptions = {
        algorithm: "RS256", // DRPC supports RS256 and ES256
        expiresIn: "30d", // When the token will expire? ( 30 days from now )
        header: {
            kid: KEY_ID,
    const GENERATED_JWT = jwt.sign({}, privateKey, signOptions);
    // Log the newly created JWT
// Generate and log

Step 4: Client Application Integration

  • Fetch and store JWT: Modify your client application to request a JWT from your server and store it for API requests to DRPC.

Step 5: Authenticate Requests to DRPC

  • Include JWT in API Requests: Use the fetched JWT in the Authorization header for secure communication with DRPC.
curl -X POST -H 'Content-Type: application/json' -H 'Drpc-Key: YOUR-DRPC-KEY' \
-H 'Authorization: GENERATED_JWT' \
-d '{"method": "eth_blockNumber","params": [],"id": "1","jsonrpc": "2.0"}' \

Step 6: DRPC verifies JWT

DRPC validates the JWT in each request using the public key that user has uploaded.