GC runs 2024-9.900.0. The Express middleware catches interaction.wrapup events, but JWT verification bombs on the Authorization header. jsonwebtoken throws JsonWebTokenError: invalid signature. Clock skew’s set to 60 seconds, yet the payload timestamp drifts by 120 seconds during peak load.
jwt.verify returns the error immediately. Rotating the API key did jack all. The payload structure looks solid, keys match, but the HMAC calculation mismatches.