Authentication

Reach uses JSON Web Tokens (JWT) for secure authentication. Each token links a user in your system to a user in Reach.

Please reach out to [email protected] to get a Shared Secret for your platform in order to generate JWT tokens.

If your app enforces security headers like Content Security Policy (CSP) or Cross-Origin Opener Policy (COOP), see Security Headers (CSP & COOP) for required configurations.

Tenant Scoped JWT Token Requirements

Your tenant-scoped JWT token must include the following fields:

Field	Description	Required
email	User’s email address	Yes
name	User’s display name	Yes
externalId	Your system’s unique ID for this user	Yes
tenantExternalId	Your system’s ID for the user’s business	Yes
partnerId	Your unique vertical saas platform identifier provided by Reach	Yes
iat	Issued at time (in seconds since epoch)	Yes
exp	Expiration time (in seconds since epoch)	Yes

Never expose your Shared Secret on the client side. JWT generation must always be handled server-side.

Token Lifecycle

We recommend tokens expire after 1 hour (3600 seconds). The Reach SDK handles token expiration by calling your onReauthRequested callback when a token expires.

For a full server side example of how to generate JWT Tokens that are compatible with Reach please see the examples section here.

Introduction

Core Products

Implementation

Code Samples

Tenant Scoped JWT Token Requirements

Token Lifecycle

Introduction

Core Products

Implementation

Code Samples

​Tenant Scoped JWT Token Requirements

​Token Lifecycle

Tenant Scoped JWT Token Requirements

Token Lifecycle