What is JWT

Json Web Tokens (JWT) is an open standard for JSON to transfer claims between web application environments. JWT statements are generally used to pass authenticated user identity information between identity providers and service providers.

How to use JWT

If the JWT switch is on, each request needs to include token information for TronGrid to verify. Requests that failed the verification will not be responded. Each account can create up to 3 JWTs. When creating a JWT, the public key created by the user is required (RS256 is now supported). ID and Fingerprint will be generated after the public key is filled in.


1.Generate RSA key pair

In order to use JWT in the project, you need to generate a public/private key pair first. TronGrid currently supports the algorithm RS256. Please make sure you keep the private key secret!

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

You need to enter an easy-to-understand name to identify the key and the text in the key file. It should be a PEM-encoded file (for example, generated by OpenSSL). It usually looks like this:

-----END PUBLIC KEY-----

2.Generate token

Method 1: Java code
Import the jjwt package

compile 'io.jsonwebtoken:jjwt-api:0.11.2'
runtime 'io.jsonwebtoken:jjwt-impl:0.11.2'
runtime 'io.jsonwebtoken:jjwt-jackson:0.11.2'

Call createSignedJwtRsa256 to generate token

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.spongycastle.util.encoders.Base64;
public class JwtTest {
 private static PublicKey getRSAPublicKey(String inputKey)
    throws NoSuchAlgorithmException, InvalidKeySpecException {
  String rsaPublicKey = inputKey.replace("-----BEGIN PUBLIC KEY-----", "");
  rsaPublicKey = rsaPublicKey.replace("-----END PUBLIC KEY-----", "");
  rsaPublicKey = rsaPublicKey.replace("\n", "");
  X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(rsaPublicKey));
  KeyFactory kf = KeyFactory.getInstance("RSA");
  return kf.generatePublic(keySpec);
public void createSignedJwtRsa256() {
   * {
   *   "alg": "RS256",
   *   "typ": "JWT",
   *   "kid": "bdbd8dabcb8d49f3ae9732c14c9940ea"
   * }
   * {
   *   "exp": 1617736153,
   *   "aud": "trongrid.io",
   * }
   * */
  try {
    PrivateKey privateKey = getRSAPrivateKey(privateKeyStr);
    JwtBuilder builder = Jwts.builder()
        .setHeaderParam("alg", "RS256") 
        .setHeaderParam("typ", "JWT") 
        .setHeaderParam("kid", "XXXXXXXXXXX") // your jwt key id
        .claim("exp", 1617736153) 
        .claim("aud", "trongrid.io") 
        .signWith(privateKey, SignatureAlgorithm.RS256);
    String token = builder.compact();
  } catch (Exception e) {
    assert false;

Method 2: Jwt website

  1. Go to the website: https://jwt.io/

  2. Select RSA256 algorithm

  3. Enter header, kid is the id of JWT; after adding JWT to the key, view it from the key configuration

{  "alg": "RS256",
   "typ": "JWT",
   "kid": "XXXXXXX" // id of jwt
  1. Enter payload,If exp has no expiration time, you can leave it blank
   "exp": "1617736153",
   "aud": "trongrid.io" 
  1. In VERIFY SIGNATURE, enter the public key and private key respectively.

  2. In ENCODED, you can see the generated token.

3. Use token

Add an Authorization field to the request header with the value: Bearer XXXXXX,
where XXXX is a token, and there is a space between token and Bearer.


curl -X POST \
  https://api.trongrid.io/wallet/createtransaction \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer xxxxxx' \
  -H 'TRON-PRO-API-KEY: 25f66928-0b70-48cd-9ac6-da6f8247c663' \
  -d '{
    "to_address": "41e9d79cc47518930bc322d9bf7cddd260a0260a8d",
    "owner_address": "41D1E7A6BC354106CB410E65FF8B181C600FF14292",
    "amount": 1000
import requests

url = "https://api.trongrid.io/wallet/createtransaction"

payload = "{\n    \"to_address\": \"41e9d79cc47518930bc322d9bf7cddd260a0260a8d\",\n    \"owner_address\": \"41D1E7A6BC354106CB410E65FF8B181C600FF14292\",\n    \"amount\": 1000\n}"
headers = {
    'Authorization': "Bearer xxxxxx",
    'Content-Type': "application/json",
    'TRON-PRO-API-KEY': "25f66928-0b70-48cd-9ac6-da6f8247c663"
response = requests.request("POST", url, data=payload, headers=headers)
var request = require("request");

var options = { method: 'POST',
  url: 'https://api.trongrid.io/wallet/createtransaction',
  headers: {  
     'Authorization': 'Bearer xxxxxx',
     'TRON-PRO-API-KEY': '25f66928-0b70-48cd-9ac6-da6f8247c663',
     'Content-Type': 'application/json' 
  body: { 
      to_address: '41e9d79cc47518930bc322d9bf7cddd260a0260a8d',
     owner_address: '41D1E7A6BC354106CB410E65FF8B181C600FF14292',
     amount: 1000 
  json: true 

request(options, function (error, response, body) {
  if (error) throw new Error(error);


The "typ" in the header is fixed to "JWT".
Currently only RS256 is supported; ES256 will be supported in future versions.
Therefore, the alg field in the header is currently fixed to RS256.
The "aud" in the playload is fixed to "trongrid.io".

     "alg": "RS256",
     "typ": "JWT",
     "kid": "bdbd8dabcb8d49f3ae9732c14c9940ea" // your jwt id
   "exp": 1617736153,
   "aud": "trongrid.io"