Associating Required JSON Web Token Claims with REST API Methods
The Add JSON Web Token Claims dialog enables you to specify the claims that must be present in a JSON Web Token (JWT) in order to access a Jade REST API method. As long as one or more required claims are associated with a method, any incoming REST request must include a JSON Web Token in the authorization header of the HTTP request; that is, it must include a header of the form Authorization: Bearer <Token>.
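A client-side pre-flight check for the header requirement described above, as an added example in Python (not Jade code and not part of the Jade documentation): it confirms that a request carries Authorization: Bearer <Token> and reports which required claim names are absent from the token payload. The function names, the claim names and the sample token are constructed for illustration. The check covers presence only and does not verify the signature, which remains the job of the REST service.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def missing_claims(headers, required):
    """Return the required claim names that the bearer token does not carry.

    Raises ValueError if the Authorization header or the token is malformed.
    Presence check only: the signature is NOT verified here.
    """
    # HTTP header names are case-insensitive
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        raise ValueError("no Authorization header")
    scheme, _, token = auth.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("Authorization header is not 'Bearer <Token>'")
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part compact JWT")
    try:
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return {name for name in required if name not in payload}


def make_sample_token(claims):
    # Constructed sample token; the third segment is a placeholder, not a real signature
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    sample = {"Authorization": "Bearer " + make_sample_token({"iss": "example-issuer", "role": "orders"})}
    print(missing_claims(sample, ["iss", "role", "aud"]))
```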
When a REST API method (a method of a subclass of the JadeRestService class, associated with an application of type Rest Services or Rest Services, Non‑Gui) has required claims associated with it, a new method is generated and added to the class of that method. This method is named the same as the REST API method except that it is prefixed with s__ and is hereafter known as a shadow method. The shadow method is used by the REST service to get the JadeRequiredClaimAnnotations associated with the REST API method.
From Jade 2025, you can configure JSON Web Token (JWT) authentication at the class level, applying the specified JWT claims to all REST methods defined on that class and its subclasses (excluding imported classes). Both class‑level and method‑level JWT authentication are inherited by subclasses and can be reimplemented at the subclass level. For details, see "Associating Required JSON Web Token Claims with REST Classes", elsewhere in this document.
Method‑level JWT authentication always takes precedence over class‑level authentication, even when no JWT claims are defined at method level.
From Jade 2025 R2, visual indicators in the Methods List of the Class Browser help you to identify REST methods and REST methods that are protected by JWT claims.
- Methods defined on a subclass of JadeRestService (excluding imported classes) that meet the criteria for a valid REST method are now displayed with a dedicated REST icon (a blue cloud) that enables you to quickly and easily identify methods that are valid REST methods.
- A variation of this icon (a blue cloud with a padlock) is used to identify valid REST methods that are protected by one or more JWT claims.
These icons, which replace the standard method access icons (for example, public or private) when displayed, are intended as a visual aid during development only. They must not be relied upon as the sole means of determining whether a method is a REST endpoint, or whether it is protected by JWT claims.
In a source-stripped system, the icons never display the protected variant, even if the method is protected.
The icons are displayed only in the hierarchy browser; not in other browsers (for example, sub‑browsers or the Senders Browser).
As the shadow method is generated, it should not be modified. If you want to modify the claim associated with the REST API method, use the Add JSON Web Token Claims dialog to modify an existing set of required claims.
2020.0.01 and higher
