diff --git a/DigitalData.Core.Security/Config/TokenDescription.cs b/DigitalData.Core.Security/Config/TokenDescription.cs
index 2e188a9..0d68966 100644
--- a/DigitalData.Core.Security/Config/TokenDescription.cs
+++ b/DigitalData.Core.Security/Config/TokenDescription.cs
@@ -8,6 +8,8 @@ namespace DigitalData.Core.Security.Config
 ///
 public class TokenDescription : IUniqueSecurityContext
 {
+ public string? ApiRoute { get; init; }
+
 ///
 /// Gets or sets the value of the 'audience' claim.
 ///
diff --git a/DigitalData.Core.Security/JwtSignatureHandler.cs b/DigitalData.Core.Security/JwtSignatureHandler.cs
index c98200e..07adde3 100644
--- a/DigitalData.Core.Security/JwtSignatureHandler.cs
+++ b/DigitalData.Core.Security/JwtSignatureHandler.cs
@@ -36,7 +36,7 @@ namespace DigitalData.Core.Security
 public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
 {
 var description = _tokenDescriptions?.Get(issuer: issuer, audience: audience)
- ?? throw new InvalidOperationException($"No token description found for issuer '{issuer}' and audience '{audience}'.");
+ ?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
 description.SigningCredentials = _cryptHandler.Decryptors
 .Get(issuer: issuer, audience: audience)
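Review bot: The new `ApiRoute` property in `TokenDescription` has no XML doc comment, while the audience property right below it is documented. The route is used in `JwtSignatureHandler` as the lookup key that decides which issuer, audience and signing credentials a token gets, so the comment should state that it must be unique across configured descriptions and how a null value is treated, e.g. `/// <summary>Gets the API route used to select this token description; must be unique across all configured descriptions.</summary>`. The class body continues outside the hunk.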
@@ -45,10 +45,24 @@ namespace DigitalData.Core.Security
 return CreateToken(subject: subject, description: description);
 }
+ public SecurityToken CreateToken(TPrincipal subject, string apiRoute)
+ {
+ var description = _tokenDescriptions?.SingleOrDefault(description => description.ApiRoute == apiRoute)
+ ?? throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'.");
+
+ description.SigningCredentials = _cryptHandler.Decryptors
+ .Get(issuer: description.Issuer, audience: description.Audience)
+ .CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
+
+ return CreateToken(subject: subject, description: description);
+ }
+
 public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
 public string WriteToken(TPrincipal subject, TokenDescription description) => WriteToken(CreateToken(subject: subject, description: description));
 public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
+
+ public string WriteToken(TPrincipal subject, string apiRoute) => WriteToken(CreateToken(subject: subject, apiRoute: apiRoute));
 }
 }
\ No newline at end of file
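Review bot: The new `CreateToken(subject, apiRoute)` overload does not reject a null `apiRoute`, and because `TokenDescription.ApiRoute` is a nullable `string?`, the predicate `description.ApiRoute == apiRoute` then matches every description that has no route configured; if exactly one such description exists, a token is created and signed for an issuer and audience the caller never named. A guard at the top of the method closes this, e.g. `if (string.IsNullOrEmpty(apiRoute)) throw new ArgumentException("An API route is required.", nameof(apiRoute));`. Separately, if `SingleOrDefault` here is the LINQ operator, duplicate routes make it throw its own `InvalidOperationException` before the `?? throw` is reached, so the "No or multiple" message only ever reports the not-found case. The `==` comparison is ordinal and case-sensitive, which is worth confirming against how routes are matched elsewhere in the application.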