2 Answers. Yes this is possible by structuring your requests appropriately. For system requests use OAuth 1.0 (consumer key as before), but encode it to include the OAuth credentials in the URL not in the headers. Having the OAuth credentials in the Authorisation header triggers the JWT error.