> ## Documentation Index
> Fetch the complete documentation index at: https://dev.smile.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Customer tokens

The SDK uses customer tokens to securely recognize and identify the currently logged-in customer during [initialization](/js/smile/initialize). In practice, a customer token is a [JSON Web Token (JWT)](https://www.jwt.io/introduction) that has been generated securely on your platform's backend and is signed using the HS256 algorithm with one of your account's [signing keys](https://help.smile.io/en/articles/11878129-manage-signing-keys).

<Warning>
  Customer tokens should never be generated on the frontend or in mobile app source code, as this risks exposing your signing key (a sensitive account secret) to the general public.
</Warning>

## JWT headers

When generating a customer token, the values in the JWT header are constant and never change:

```json JSON theme={null}
{
  "alg": "HS256",
  "typ": "JWT"
}
```

## JWT payload

When generating a customer token, the payload of the JWT should be dynamic, e.g.

```json JSON theme={null}
{
  "aud": "api.smile.io",
  "sub": "<customer identifier>",
  "exp": "<time in seconds>"
}
```

* `aud` — The intended recipient of the JWT (should always be `api.smile.io`).
* `sub` — An identifier for the currently logged-in customer (see notes below).
* `exp` — When the JWT expires (recommendation: 5 minutes after JWT is generated).

### Customer identifiers (`sub` values)

You can identify the logged-in customer by providing a `sub` claim in the payload of the JWT in one of the following supported formats. Choose the appropriate format based on which unique identifier you have available for the currently logged-in customer.

| Type of ID                  | Format                        | Example value                   |
| --------------------------- | ----------------------------- | ------------------------------- |
| Smile Customer ID           | `SmileCustomer:{id}`          | `SmileCustomer:304169228`       |
| Shopify Customer ID         | `ShopifyCustomer:{id}`        | `ShopifyCustomer:10733458`      |
| BigCommerce Customer ID     | `BigCommerceCustomer:{id}`    | `BigCommerceCustomer:7398675`   |
| Custom Platform Customer ID | `CustomPlatformCustomer:{id}` | `CustomPlatformCustomer:937485` |

<Warning>
  The Custom Platform Customer ID format will only function for legacy merchants (pre-2018) on custom e-commerce platforms. All other merchants should use one of the other supported formats.
</Warning>

## JWT generation example

<CodeGroup>
  ```ruby Ruby lines theme={null}
  # Generating a customer token from a Ruby backend
  shopify_customer_id = '10733458'
  signing_key = 'sig_a5b85911214932b56b360ac956ddb392'

  payload = {
    aud: 'api.smile.io',
    sub: "ShopifyCustomer:#{shopify_customer_id}",
    exp: Time.now.to_i + 300 # Set expiry to 5 minutes
  }

  customer_token = JWT.encode(
    payload, signing_key, 'HS256', { typ: 'JWT' }
  )
  ```

  ```javascript JavaScript lines theme={null}
  // Generating a customer token from a JS backend
  import jwt from 'jsonwebtoken';

  const shopifyCustomerId = '10733458';
  const signingKey = 'sig_a5b85911214932b56b360ac956ddb392';

  const payload = {
    aud: 'api.smile.io',
    sub: `ShopifyCustomer:${shopifyCustomerId}`,
    exp: Math.floor(Date.now() / 1000) + 300 // 5 minutes from now
  };

  const customerToken = jwt.sign(
    payload,
    signingKey,
    { algorithm: 'HS256', header: { typ: 'JWT' } }
  );
  ```
</CodeGroup>
