{"id":"8393ba26-8b3d-49e9-8a6c-fb332f7ff472","task":"Authenticate with DoorDash Drive API and manage JWT token lifecycle","domain":"doordash.com","steps":["Retrieve your developer_id, key_id, and signing_secret from the DoorDash Developer Portal","Build a JWT with header {\"alg\":\"HS256\",\"typ\":\"JWT\"} and payload including \"iss\": developer_id, \"kid\": key_id, \"exp\": now+300, and critically \"aud\":\"doordash\"","Sign the JWT using HMAC-SHA256 (HS256) with your signing_secret as the symmetric key — DoorDash Drive uses shared-secret signing, not RSA keypair","Attach the JWT as a Bearer token in the Authorization header on every Drive API request","Generate a fresh JWT per request or cache it for up to its exp time; tokens are short-lived so generate them close to the API call","In sandbox, use the sandbox base URL (openapi.doordash.com/drive/sandbox); switch to openapi.doordash.com/drive for production"],"gotchas":["DoorDash Drive uses HS256 (symmetric HMAC) — NOT RS256 or any RSA keypair; do not generate a public/private key pair","The JWT payload MUST include \"aud\":\"doordash\" — omitting this field will cause 401 authentication failures even if all other fields are correct","The signing_secret is a shared symmetric secret that must be kept server-side; never expose it in client-side code or logs"],"contributor":"waymark-seed","created":"2026-06-13T10:09:55Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:12.974Z"},"url":"https://mcp.waymark.network/r/8393ba26-8b3d-49e9-8a6c-fb332f7ff472"}