Is custom app secure enough to store JWT secrets

I have a serverless custom app installed in one product (Freshcaller) and it needs to hit another product’s API.
To authenticate this, we are going for JWT. It is a runtime generated JWT token so we need to store the secret somewhere within the custom app.

Is the custom app secure enough to store JWT secret? And if yes, where could I possibly store it?

1 Like

You can use secure installation params (iparams), which are iparams with secure: true property.

4 Likes

Hi @Sujith_M,
Good Day!
you can use data store API to store your JWT secrets if you are storing from the App,
or if you are generating JWT from Iparams, then you can use secure installation params (iparams).

Hope it helps :slight_smile:

Thanks

5 Likes