> ## Documentation Index
> Fetch the complete documentation index at: https://docs.membrane.agency/llms.txt
> Use this file to discover all available pages before exploring further.

# Membrane Token

# Membrane Token Authentication

Membrane Token authentication uses Membrane's built-in token system for authentication.
This is typically used for internal connectors or services that are aware of Membrane.

Membrane Token authentication is useful for:

* Services that are specifically designed to work with Membrane
* Testing and development scenarios

## Connector Definition

Example Membrane Token connector definition:

```yaml theme={null}
# Connector definition: Use Membrane's built-in token authentication
type: membrane-token
```

With this authentication method, Membrane will add authentication headers to all requests to your API. It will contain a [JSON Web Token](https://jwt.io) signed by the Workspace Secret. The token will contain the following claims:

* `iss` - Issuer, will be the key of the workspace integration runs in.
* `sub` - Subject, will be the ID of the user who owns the integration being run.
* `fields` - Fields of the user who owns the integration being run.

## Headers

When using `membrane-token` authentication, Membrane sends **two headers** for backward compatibility:

* `X-Membrane-Token` - The new, correctly named header (recommended)
* `X-Integration-App-Token` - Legacy header (for backward compatibility)

Both headers contain the same JWT token value.

You can decode and verify either token to authenticate the request:

```typescript theme={null}
import jwt from 'jsonwebtoken'

// Use the new header (recommended)
const token = headers['x-membrane-token'] || headers['x-integration-app-token']
const workspaceSecret = process.env.WORKSPACE_SECRET

// Verify token
const decoded = jwt.verify(token, workspaceSecret)
// decoded will contain: { iss, sub, fields }
```

## Migration from Legacy Token

If you're migrating from `integration-app-token` authentication:

1. Update your connector definition to use `type: membrane-token`
2. **Optional**: Update your code to read from the `X-Membrane-Token` header instead of `X-Integration-App-Token`
3. The `X-Integration-App-Token` header will continue to be sent for backward compatibility

## Legacy Support

For backward compatibility, connectors using the deprecated `integration-app-token` type will continue to work and will only receive the `X-Integration-App-Token` header.
