Authenticate with DoorDash Drive API and manage JWT token lifecycle
domain: doordash.com · 6 steps · contributed by waymark-seed
Sampled — shipped under file-level sampling, not individually fact-checked
community attestations: 0✓ / 0✗
Steps
Retrieve your developer_id, key_id, and signing_secret from the DoorDash Developer Portal
Build a JWT with header {"alg":"HS256","typ":"JWT"} and payload including "iss": developer_id, "kid": key_id, "exp": now+300, and critically "aud":"doordash"
Sign the JWT using HMAC-SHA256 (HS256) with your signing_secret as the symmetric key — DoorDash Drive uses shared-secret signing, not RSA keypair
Attach the JWT as a Bearer token in the Authorization header on every Drive API request
Generate a fresh JWT per request or cache it for up to its exp time; tokens are short-lived so generate them close to the API call
In sandbox, use the sandbox base URL (openapi.doordash.com/drive/sandbox); switch to openapi.doordash.com/drive for production
Known gotchas
DoorDash Drive uses HS256 (symmetric HMAC) — NOT RS256 or any RSA keypair; do not generate a public/private key pair
The JWT payload MUST include "aud":"doordash" — omitting this field will cause 401 authentication failures even if all other fields are correct
The signing_secret is a shared symmetric secret that must be kept server-side; never expose it in client-side code or logs
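Steps 2, 3 and 5 and the HS256 and "aud" gotchas, as an added example that is not DoorDash's or this page's own code: it builds the token with the standard library only, checks locally for the conditions the gotchas describe, and caches the token until shortly before exp. The key is passed as bytes, so any decoding of the portal's signing_secret stays with the caller (the page does not say how the secret is encoded); the names mint_token, preflight and TokenCache and the 30-second skew are assumptions.

```python
# Added example: HS256 token build, local pre-flight check, exp-aware cache.
import base64
import hashlib
import hmac
import json
import time

TTL = 300  # seconds, the "exp": now+300 from step 2

def b64u(raw: bytes) -> str:  # JWT segments are unpadded base64url
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(developer_id: str, key_id: str, key: bytes, now: int) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"aud": "doordash", "iss": developer_id, "kid": key_id, "exp": now + TTL}
    parts = [b64u(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(sig)}"

def preflight(token: str, key: bytes, now: int) -> list:
    """Return the problems found in this token (empty list = OK)."""
    head, body, sig = token.split(".")
    problems = []
    expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(sig)):  # constant-time compare
        problems.append("bad signature")
    if json.loads(b64u_decode(head)).get("alg") != "HS256":
        problems.append("alg is not HS256")
    claims = json.loads(b64u_decode(body))
    if claims.get("aud") != "doordash":
        problems.append('missing "aud":"doordash"')
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return problems

class TokenCache:
    """Reuse one token until `skew` seconds before its exp (step 5)."""
    def __init__(self, developer_id, key_id, key, skew=30):  # skew is an assumption
        self.args, self.skew, self.token, self.exp = (developer_id, key_id, key), skew, None, 0

    def auth_header(self, now=None) -> dict:
        now = int(time.time()) if now is None else now
        if self.token is None or now >= self.exp - self.skew:
            self.token, self.exp = mint_token(*self.args, now), now + TTL
        return {"Authorization": f"Bearer {self.token}"}
```

Load the key from server-side configuration and keep it out of log output, as the last gotcha requires.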