ZedPay

Authentication

ZedTech APIs use OAuth 2.0 with JWT access tokens.
Tokens are signed using RS256 and can be validated using our JWKS endpoint.
Auth Server:
https://auth.zed.co.ug
JWKS:
https://auth.zed.co.ug/.well-known/jwks.json

OAuth flow

ZedTech uses the Client Credentials Grant for server-to-server integrations.
Flow:
Client → Request Token
Auth Server → Returns JWT
Client → Calls API using Bearer Token
API → Validates token using JWKS

Request token

Endpoint:
POST /oauth/token
Example:
{
  "grant_type": "client_credentials",
  "api_key": "YOUR_API_KEY"
}
Response:
{
  "access_token": "JWT_TOKEN",
  "token_type": "Bearer",
  "expires_in": 3600
}

Token claims

Typical JWT payload:
{
  "iss": "https://auth.zed.co.ug",
  "aud": "zed-api",
  "sub": "client_id",
  "scope": "payments:read payments:write",
  "iat": 1700000000,
  "exp": 1700003600
}

Token validation

APIs must validate:
• Signature using JWKS
• Token expiration
• Issuer (iss)
• Audience (aud)
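
The four checks above as an added example (not ZedTech's own code), written against the Python standard library only so it runs without dependencies. It assumes JWKS entries carry a kid that matches the token header and that the expected audience is the zed-api value from the sample payload; validate, leeway and the error strings are hypothetical names.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://auth.zed.co.ug"   # issuer value from the page
AUDIENCE = "zed-api"                # audience from the page's sample payload
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(text):
    """Decode unpadded base64url text to bytes."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def validate(token, jwks, now=None, leeway=30):
    """Return the claims if all four checks pass, otherwise raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64url(h64)), json.loads(b64url(p64)), b64url(s64)
        alg, kid, exp = header.get("alg"), header.get("kid"), claims.get("exp")
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm instead of trusting the header (rejects "none" and HS256).
    if alg != "RS256":
        raise ValueError("unexpected alg")
    # Assumption: JWKS entries carry a "kid" that matches the token header.
    key = next((k for k in jwks["keys"]
                if k.get("kty") == "RSA" and k.get("kid") == kid), None)
    if key is None:
        raise ValueError("unknown key")
    n = int.from_bytes(b64url(key["n"]), "big")
    e = int.from_bytes(b64url(key["e"]), "big")
    size = (n.bit_length() + 7) // 8
    # RSASSA-PKCS1-v1_5: rebuild the full expected block and compare it whole,
    # rather than parsing the padding out of the recovered value.
    digest = hashlib.sha256(f"{h64}.{p64}".encode()).digest()
    pad = b"\xff" * (size - 3 - len(SHA256_PREFIX) - len(digest))
    expected = b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + digest
    s = int.from_bytes(sig, "big")
    ok = len(sig) == size and s < n and hmac.compare_digest(
        pow(s, e, n).to_bytes(size, "big"), expected)
    if not ok:
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise ValueError("expired")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims
```

In a deployed service these checks are normally delegated to a maintained JWT library, with the JWKS response cached and refreshed when an unknown kid appears.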