Identity (JWT) Signing Secret
Get the secret key used to sign JWTs for Bit identity.
The Identity (JWT) Signing Secret is the shared secret used to sign JWTs for bit.identify. It appears in the dashboard as Identity (JWT) Signing Secret.
Where to find it
Open your agent in the dashboard and navigate to:
Agent Settings → Website Integration → Backend Token Generation
Keep it server-side
- Never expose the secret in frontend code.
- Store it in your server environment (for example CHATBYTE_BIT_AGENT_SECRET).
- Rotate it only when you are ready to update all signing logic.
Signing example (Node.js)
import jwt from 'jsonwebtoken';

// Read the signing secret from the server environment; never hard-code it.
const secret = process.env.CHATBYTE_BIT_AGENT_SECRET;

const token = jwt.sign(
  {
    sub: 'user-123',
    email: 'alice@example.com',
    name: 'Alice Smith',
    metadata: {
      plan: { value: 'pro' },
      role: { value: 'admin', description: 'Workspace admin' },
    },
    aud: 'chatbyte',
  },
  secret,
  {
    // Other algorithms and expiries longer than 10 minutes are rejected.
    algorithm: 'HS256',
    expiresIn: '10m',
  },
);
Troubleshooting
- Tokens with expiry longer than 10 minutes are rejected.
- Tokens signed with algorithms other than HS256 are rejected.
- If identity fails, verify the secret matches the dashboard value.
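A local pre-flight check for the three rejection rules above, as an added example that is not part of the original documentation or the service's own code. It uses Node's built-in crypto module instead of jsonwebtoken, assumes the 10-minute limit is measured from iat to exp, and the names signToken and preflight are hypothetical.

```javascript
// Added example: local pre-flight check for the Troubleshooting rules above.
const nodeCrypto = require('node:crypto');

// Assumption: the 10-minute limit is measured from iat to exp.
const MAX_LIFETIME_SECONDS = 10 * 60;
const HASHES = { HS256: 'sha256', HS512: 'sha512' };
const b64url = (value) => Buffer.from(value).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Hypothetical dependency-free signer. `alg` and `lifetimeSeconds` are
// parameters only so that the failure cases can be reproduced locally.
function signToken(claims, secret, opts = {}) {
  const { alg = 'HS256', lifetimeSeconds = 600, now = Math.floor(Date.now() / 1000) } = opts;
  const header = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + lifetimeSeconds }));
  const signature = nodeCrypto.createHmac(HASHES[alg], secret)
    .update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${signature}`;
}

// Returns a list of problems; an empty list means the token passes locally.
function preflight(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['malformed token'];
  let header, payload;
  try {
    header = decode(parts[0]);
    payload = decode(parts[1]);
  } catch (err) {
    return ['malformed token'];
  }
  // Check the algorithm before touching the signature.
  if (header?.alg !== 'HS256') return ['algorithm is not HS256'];
  const problems = [];
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    problems.push('signature does not match secret');
  }
  if (typeof payload?.exp !== 'number' || typeof payload?.iat !== 'number') {
    problems.push('missing iat or exp');
  } else {
    if (payload.exp <= now) problems.push('token already expired');
    if (payload.exp - payload.iat > MAX_LIFETIME_SECONDS) problems.push('expiry longer than 10 minutes');
  }
  return problems;
}
```

Running preflight on a freshly signed token in a server-side test catches a wrong algorithm, an over-long expiry or a stale secret before the token reaches bit.identify.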