## Authentication

eKuiper support ``JWT RSA256`` authentication for the RESTful management APIs since ``1.4.0`` if enabled . Users need put their Public Key in ``etc/mgmt`` folder and use the corresponding Private key to sign the JWT Tokens.
When user request the RESTful apis, put the ``Token`` in http request headers in the following format:
```go
Authorization: XXXXXXXXXXXXXXX
```
If the token is correct, eKuiper will respond the result; otherwise, it will return http ``401``code.


### JWT Header

```json
{
  "typ": "JWT",
  "alg": "RS256"
}
```


### JWT payload
The JWT Payload should use the following format

|  field   | optional |  meaning  |
|  ----  | ----  | ----  |
| iss  | false| Issuer , must use the same name with the public key put in ``etc/mgmt``|
| aud  | false |Audience , must be ``eKuiper`` |
| exp  | true |Expiration Time |
| jti  | true |JWT ID |
| iat  | true |Issued At |
| nbf  | true |Not Before |
| sub  | true |Subject |

There is an example in json format
```json
{
  "iss": "sample_key.pub",
  "adu": "eKuiper"
}
```
When use this format, user must make sure the correct Public key file ``sample_key.pub`` are under ``etc/mgmt`` .

### JWT Signature

need use the Private key to sign the Tokens and put the corresponding Public Key in ``etc/mgmt`` .