LogoLogo
  • User Guide
    • Getting Started
      • Building a Usage-Based Product in Revenium
      • Setting Up & Using API Analytics & Observability
      • Setting Up & Using Product Analytics
      • Sending Data to Revenium's Metering API
      • Key Concepts & Relationships
    • Connect Your Data
      • cURL Commands for Testing
      • Container-Native Metering
      • Kong
        • Kubernetes Installation
      • Salesforce
        • Revenium Unmanaged Package
          • Anypoint API Experience Hub (AEH)
            • Anypoint API Experience Hub Unmanaged Package Post Installation Instructions
          • Anypoint Community Manager (ACM)
            • Anypoint Community Manager Package Post Installation Instructions
        • Revenium Lightning Web Components
          • Add Components to Experience Cloud site
          • Drop-In Storefront
          • Product Card
          • Product Card (Anypoint)
          • Product Checkout
          • Product Details Button
          • Usage History
          • API Access Requester
      • MuleSoft
        • Metering Policy Configuration
        • Offline Metering Policy Configuration
        • Anypoint API & API Group Synchronization
        • Revenium Connector
        • Disable Default Anypoint Community Manager (ACM) Email Notifications
      • Gravitee
      • Istio
      • Envoy
      • AWS API Gateway
      • Python & Django
      • Golang
      • Spring Boot
      • .Net
      • NodeJs
      • Java/JVM
      • Snowflake
      • Azure API Management
      • IBM
      • Custom Integrations Using Metering Beacons
        • JWT Enrichment
      • Offline Metering via Log Parsing
    • Sources
      • Metering Elements
      • Alerts
        • Alert History
    • API Keys
    • Products & Pricing
      • Product Lines
      • Pricing Rules
        • Revenium Scripting Language
          • RSL Reference
        • Execution Logs
      • SLA Definitions
      • SLA Violation Review
    • Customers
      • Customers
      • Subscribers
      • Subscriptions
      • Subscribers Credentials
      • Subscribers Notifications
    • Billing and Invoicing
      • Manage Refunds
    • Analytics
      • Revenue Analytics
      • Product Analytics
        • Custom Reports (Products)
      • Subscriber Analytics
        • New Subscribers
        • (Daily/Weekly/Monthly) Active Subscribers
        • Most Engaged Subscribers & Customers
        • Historical Usage
      • API Analytics
        • Performance & Availability
        • Compare Periods
        • Traffic by Geography
        • Advanced Search
        • Custom Reports
    • Profile
      • Profile
      • Revenium API Documentation
    • Settings
      • Revenium Users & Organizations
        • Access Permissions by User Type
      • Revenium Subscription
      • Revenium Organizations
      • Notification Templates
      • Transactions Logs
        • Analytics Transaction Log
        • Product Transaction Log
        • Subscription Audit Log
        • No Code Transaction Testing
      • Integrations
        • Data Sync
        • Export Configurations
        • Notification Providers
        • Payment Configurations
          • Customer VAT ID Support
        • ERP Configurations
        • External Integration Logs
        • Identity Providers
      • System Logs
      • Default Configuration Limits
Powered by GitBook

© Revenium - www.revenium.io

On this page
  1. User Guide
  2. Connect Your Data
  3. Custom Integrations Using Metering Beacons

JWT Enrichment

JWT enrichment allows end subscribers API requests to be enhanced with metadata stored in Revenium's platform to enable customized API responses based upon the user making the API call.

Last updated 10 months ago

JWT Enrichment is commonly used to support use cases for which a backend application needs information stored about the Subscriber's subscription in Revenium to determine which information how to reply to a subscriber query. For example, you could use JWT enrichment to enhance a Subscriber's API call with their company name or email address to allow a backend application to match the call to a subscriber license and determine which fields to return in the API call (i.e. fields tied to a 'premium' subscription versus a 'standard' subscription'

By incorporating a custom JWT claim into metered API requests, Revenium propagates the following metadata to backend API implementations:

Field
Description

organization

The organization the invoked API / product belongs to.

consumingOrganization

The organization of the API subscriber

subscriber

The email address of the API subscriber

product

The name of the product the API belongs to

productTags

The tags associated with the product

subscriptionTags

The tags associated with the subscription

productVersion

The version of the product the API belongs to

sources

The other sources associated with the product the API belongs to

expiration

The expiration date of the subscription associated with the API subscriber

totalQuota

The quota associated with the product being invoked

consumedQuota

The amount of quota being subscribed.

subscriptionStart

The start of the subscription

subscriptionPeriodStart

The start of the current subscription period

subscriptionPeriodEnd

The end of the current subscription period

The JWT claim is propagated in the "X-HYPERCURRENT-CLAIM" header which can be parsed by the backend API implementation using any standard .

Here is an example of a decoded Revenium JWT claim:

{
  "consumedQuota": 0,
  "product": "An API Product",
  "productTags" [
    "tag1",
    "tag2"
  ],
  "productVersion": "1.0.0",
  "assets": [
    "TA01"
  ],
  "organization": "Test Organization",
  "iss": "Revenium",
  "expiration": null,
  "totalQuota": 5000,
  "consumedQuota": 200,
  "consumingOrganization": "Test Organization",
  "consumer": "gerry@hypercurrent.io",
  "subscriptionStart": 1700168904000,
  "subscriptionPeriodStart": 1700168804000,
  "subscriptionPeriodEnd": 1700168904000
}

Here is Revenium's public key for JWT decoding:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXwrndxL7l1a3ULqTUCQ
/4uM3MjJE2RgEYlStBz4mqjgCmfFF4AMXqZSkNewiB0XlcpRlqmLYsyMok87Y6Du
Fco5isZn5ndrE2lOK3vveyEPqEMJW5yVot29IGWAn1yRXAXwI/LpZ7G6gYHerNOS
LWj3utEzuWKcTIGMjwNWTAK9nmZJLuzz3+I9D6HwVq6IAQKrLiA8GzABqVgKMPgu
nGtJhQ1iAc4WSuHl0f/xFdwZLi3FiAETayl2lGptCpLu+UOawQGo+r5metwczR1Q
RFr7mmbUqQ1HSrDax9KmHtNIhGzP6FOmH3DeEIf3ATEz0K+iXz/fencXix4PRrRP
TwIDAQAB
-----END PUBLIC KEY-----

JWT Parsing Example (Java)

String base64PublicKey = publicKey
        .replace("-----BEGIN PUBLIC KEY-----", "")
        .replace("-----END PUBLIC KEY-----", "")
        .replaceAll("\\s", "");

byte[] publicKeyDER = Base64.getDecoder().decode(base64PublicKey);

X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyDER);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPublicKey publicKeyInstance = (RSAPublicKey) keyFactory.generatePublic(keySpec);

// Construct the JWT verifier
Algorithm algorithm = Algorithm.RSA256(publicKeyInstance, null);
JWTVerifier verifier = JWT.require(algorithm)
        .withIssuer("HyperCurrent")
        .build();

// Decode the JWT
DecodedJWT jwt = verifier.verify(token);

// Extract claims
jwt.getClaim("organization").asString();
jwt.getClaim("consumingOrganization").asString();
...

The following code snippet uses the to decode and parse a JWT:

JWT Library
Auth0 JWT library