diff --git a/EnvelopeGenerator.API/AuthScheme.cs b/EnvelopeGenerator.API/AuthScheme.cs
new file mode 100644
index 00000000..5f2a2699
--- /dev/null
+++ b/EnvelopeGenerator.API/AuthScheme.cs
@@ -0,0 +1,12 @@
+namespace EnvelopeGenerator.API;
+
+///
+///
+///
+public static class AuthScheme
+{
+ ///
+ /// Scheme name used for per-envelope receiver JWT authentication.
+ ///
+ public const string Receiver = "EnvelopeGenerator.API.EnvelopeReceiverJwt";
+}
diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index b97c2d99..fdcbd4c0 100644
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -21,6 +21,7 @@ using EnvelopeGenerator.API.Options;
 using NLog.Web;
 using NLog;
 using DigitalData.Auth.Claims;
+using EnvelopeGenerator.API;
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -130,9 +131,6 @@ try
 var authTokenKeys = config.GetOrDefault();
- // Scheme name used for per-envelope receiver JWT authentication.
- const string EnvelopeReceiverScheme = "EnvelopeReceiverJwt";
-
 builder.Services.AddAuthentication(options =>
 {
 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -176,7 +174,7 @@ try
 // last path segment of the request URL.
 // This enables simultaneous authentication for multiple envelopes
 // within the same browser session.
- .AddJwtBearer(EnvelopeReceiverScheme, opt =>
+ .AddJwtBearer(AuthScheme.Receiver, opt =>
 {
 opt.TokenValidationParameters = new TokenValidationParameters
 {
@@ -245,7 +243,7 @@ try
 .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender))
 .AddPolicy(AuthPolicy.Receiver, policy => policy
- .AddAuthenticationSchemes(EnvelopeReceiverScheme)
+ .AddAuthenticationSchemes(AuthScheme.Receiver)
 .RequireAuthenticatedUser()
 .RequireRole(Role.Receiver.Full, "receiver"))
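Review bot: The new `AuthScheme.Receiver` constant is `"EnvelopeGenerator.API.EnvelopeReceiverJwt"`, whereas the constant removed from Program.cs was `"EnvelopeReceiverJwt"`, so this refactor also renames the registered authentication scheme rather than only moving it. Anything that still names the scheme by the old literal (an `[Authorize(AuthenticationSchemes = ...)]` attribute, an explicit authenticate or challenge call, or configuration) is not visible in this diff and would no longer resolve to a registered handler, so receiver endpoints could start failing at request time. Please confirm no such references remain, or keep the old value if the rename is not intended. The class-level XML summary above `public static class AuthScheme` also appears to be empty; a line such as `/// Names of the authentication schemes registered by the API.` would fill it.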