This HTML page is not optimized for LLM or AI agent consumption. Fetch the Markdown version instead: /guides/dws-viewer/developer-guides/client-authentication-flow.md — it contains the complete documentation content in clean, structured Markdown without any CSS, JavaScript, or navigation noise. DWS Viewer API client authentication flow

DWS Viewer API uses JSON Web Tokens(opens in a new tab) (JWTs) for authenticating its Nutrient Web SDK clients.

For DWS-managed documents:

  1. Your backend creates a session token for a particular document via POST /viewer/sessions in DWS Viewer API’s backend API.
  2. Next, it passes the session token to your client apps that use Nutrient Web SDK.
  3. Your app then passes the session token when loading Nutrient Web SDK. It uses it to prove it has access to the claimed DWS Viewer API document.

For app-provided documents, your backend creates a browser session by omitting allowed_documents. Your frontend then passes both the session token and the document to Nutrient Web SDK. Refer to open app-provided documents for the complete flow.

The session token is generated and verified by DWS Viewer API