⚙️ Access Tokens in JWT Format

We’re updating our access tokens to a JSON Web Token format :tada:

Allow us to preemptively answer your questions! …

What change will we notice?
Our access tokens are currently around 80 bytes, with the new JWT format they could be up to 8KiB in length. Read more about JWTs here or here.

How could this impact my integration?
To ensure that this change won’t impact your integration, please be sure that your access token is not being stored in a fixed length variable. We would advice using dynamic memory allocation for this string value.

Will the deploy of this change cause temporary errors?
No, when the change is made your current access token will remain valid, the deploy of this change will not cause any authentication errors. When you next request a new access token, you will receive one in the new JWT format.

How can I test compatibility with this update?
We will rollout this change in our Sandbox environment previous to deploying it into production. On Wednesday 6th May this new JWT access token format will be available in our Sandbox environment. We encourage you to test out requesting new access tokens to ensure the change is compatible with your system.

When will this change be deployed into Production?

Update: We plan to deploy this change to Production on the 1st June.

If you have any questions or concerns please do reach out in the comments.

1 Like

Please note that the Production release date has been brought forward:

Update: We plan to deploy this change to Production on the 18th May.

Hi @Lauren,

If we are using any client libraries to communicate with the api, do we need to update any of the code?


Hi @Ivan,

We expect this change should not impact the client libraries. To check for yourself you can request a new access token in your Sandbox account via your integration and check that any calls made to the API with the new token are successful.


  • with postman calls and copy-paste in jwt the auth token.
  • tested in our dev environment and all alright.

Now we just have to wait for Monday for the change. :see_no_evil:


1 Like

Hello, is this change effective in sandbox ?
I still get class 64-characters tokens when I use the Oauth token API.

Hi @Mesoigner,

This change was temporarily disabled but will be back tomorrow at around 10am.
Note, the rollout to Production was postponed but should also be deployed in the morning.

Due to unforeseen complications, this change has been temporarily reverted back in Sandbox. The deploy of this change in Sandbox and Production are both currently on hold but could be live as soon as tomorrow.

We will be sure to update here once the changes are live, we apologise for any inconvenience caused by the moving timelines.

We apologise for the delay, but are happy to announce that this change is now live. :tada: