Skip to main content
Global-e sends notifications to merchants or platforms, upon completion of asynchronous operations, detected errors, and other cases. To secure the notifications issued by Global-e to merchants and ensure that only the addressee receiving can read them, Global-e uses the JWT authorization method. Each API call from Global-e to the merchant URL will also include the authorization token in the header. Global-e provides the merchants with a public key. Private and public keys are used to encrypt and decrypt the data. The private key is kept on the Global-e side, and the public key is shared with the Platform side to receive the notifications. The same public key is used for all merchants. Merchants authenticating Global-e calls with JWT (Global-e > Merchant calls)
  1. Global-e provides a public key to the merchant. See below.
  2. The global-e integration engineer enables the MAS JWTAuthEnabledparameter to be TRUE for all endpoints.
  3. The merchant sets authentication by issuing API calls using the authenticating token provided as input and encrypted format.
Global-e Public Keys Global-e provides two public keys for merchants: One for the test environment and one for production. All merchants use the same public keys. The following are the public keys:
  • Public key in test environments - used for STAGING, QA, and QA-INT environment
  • Production Public Key
This authentication is currently supported only for SFCC.