const  timestamp  = Math.round(new Date().getTime());

let appid = "";

let appSecret = "";

function base64UrlEncode(str) {

   var encodedSource = CryptoJS.enc.Base64.stringify(str);

   var reg = new RegExp('/', 'g');

   encodedSource = encodedSource.replace(/=+$/,'').replace(/\+/g,'-').replace(reg,'_');

   return encodedSource;

}

let header = JSON.stringify({

  "alg": "HS256",

  "typ": "JWT"

})

let payload =JSON.stringify({

  "iat": timestamp,

  "exp": timestamp + 3600,

  "appId": appid

})

let before_sign = base64UrlEncode(CryptoJS.enc.Utf8.parse(header)) + '.' + base64UrlEncode(CryptoJS.enc.Utf8.parse(payload));

let  signature =CryptoJS.HmacSHA256(before_sign, appSecret);

 signature = base64UrlEncode(signature);

let final_sign = before_sign + '.' + signature;

apt.setRequestHeader("Authorization", "Bearer "+final_sign);