
Validation Token


All Therefore™ components send a validation token as part of the header. Because the service is nothing more than a proxy, the token protects it from unwanted use by others. The key for validating the token can be retrieved from the Therefore™ Server Service through the Web API. The key is generated the first time the eSignature functionality is used in the Designer.


Make the URL for the Web API part of the service configuration!


Calling the Web API method GetPublicSettingString with the parameter SettingKey set to 3108 returns the public key needed for validating the token. As the Web API supports SOAP and JSON, make sure to use the correct endpoint.


Sample Web API endpoint for JSON: http://localhost:8000/theservice/v0001/restun/GetPublicSettingString

Make sure to use the restun or soapun endpoint. This allows retrieving the public key without authentication.


Sample JSON request for getting the public key:

{
 "SettingKey": 3108
}




The returned value is a base64-encoded string. After decoding it to a byte array, an X509 certificate object can be created from it. When using Microsoft .NET, the byte array can be passed as the constructor parameter of the X509Certificate2 class.

Another important value for validating the token is the audience. The only valid audience is "b00752bc-bd9b-4501-ba69-5578a03adceb".


Validation code in C#:


using System;
using System.IdentityModel.Tokens.Jwt; // requires a NuGet package
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

private void ValidateToken(string token, X509Certificate2 cert)
{
    try
    {
        // parsed without validation, only to read the issuer claim
        JwtSecurityToken loadedToken = new JwtSecurityToken(token);

        TokenValidationParameters validationParameters = new TokenValidationParameters();
        // IssuerSigningKey expects a SecurityKey, so the certificate is wrapped
        validationParameters.IssuerSigningKey = new X509SecurityKey(cert);
        validationParameters.ValidAudience = "b00752bc-bd9b-4501-ba69-5578a03adceb"; // the Therefore™ Server audience
        // the issuer is taken from the token itself, so this check accepts any issuer;
        // the signature and audience checks are what restrict the caller
        validationParameters.ValidIssuer = loadedToken.Issuer;

        SecurityToken validatedToken;
        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();

        // throws a SecurityTokenException if the validation fails
        handler.ValidateToken(token, validationParameters, out validatedToken);
    }
    catch (SecurityTokenException ex)
    {
        throw new Exception("Token invalid.", ex);
    }
    catch (Exception ex)
    {
        throw new Exception("An error occurred during token validation.", ex);
    }
}




When the method finishes without exception, the validation was successful.
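
An added example, not part of the Therefore documentation: a self-contained harness that runs the check described above against constructed tokens, covering a wrong audience, a foreign signing key and a malformed token. The class and helper names, the self-signed certificates and the issuer string are constructed for the demo, and the setting value is assumed to be the base64 of the DER certificate bytes.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt; // NuGet package, as in the sample above
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

static class TokenCheckDemo // hypothetical name, not a Therefore class
{
    const string Audience = "b00752bc-bd9b-4501-ba69-5578a03adceb"; // audience given on the page
    // Hypothetical helper that fails closed: any error while validating means "reject".
    static bool IsValid(string token, string base64Cert)
    {
        try
        {
            var cert = new X509Certificate2(Convert.FromBase64String(base64Cert));
            var parameters = new TokenValidationParameters
            {
                IssuerSigningKey = new X509SecurityKey(cert),
                ValidAudience = Audience,
                ValidIssuer = new JwtSecurityToken(token).Issuer // issuer read from the token, as on the page
            };
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            return true;
        }
        catch (Exception) { return false; }
    }

    // Constructed test material standing in for the server's certificate and tokens.
    static X509Certificate2 MakeCert(string name)
    {
        var request = new CertificateRequest("CN=" + name, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
    }
    static string MakeToken(X509Certificate2 signer, string audience)
    {
        var credentials = new SigningCredentials(new X509SecurityKey(signer), SecurityAlgorithms.RsaSha256);
        var jwt = new JwtSecurityToken(issuer: "constructed-issuer", audience: audience,
            expires: DateTime.UtcNow.AddMinutes(5), signingCredentials: credentials);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }
    static void Main()
    {
        X509Certificate2 server = MakeCert("constructed-server"), other = MakeCert("constructed-other");
        // Public part only, base64-encoded (assumed shape of the SettingKey 3108 value).
        string setting = Convert.ToBase64String(server.Export(X509ContentType.Cert));
        Console.WriteLine(IsValid(MakeToken(server, Audience), setting));           // right key and audience
        Console.WriteLine(IsValid(MakeToken(server, "another-audience"), setting)); // wrong audience
        Console.WriteLine(IsValid(MakeToken(other, Audience), setting));            // signed with a different key
        Console.WriteLine(IsValid("not-a-jwt", setting));                           // malformed token
    }
}
```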

© 2024 Therefore Corporation, all rights reserved.