diff --git a/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts b/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts
index dda8a7e4fa..ebabfed631 100644
--- a/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts
+++ b/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts
@@ -4,11 +4,11 @@ import convict, { Schema, Config, SchemaObj } from "convict";
 import { ipaddress } from "convict-format-with-validator";
 import { v4 as uuidV4 } from "uuid";
 import { JWK, JWS } from "jose";
+import type { Options as ExpressJwtOptions } from "express-jwt";
 import {
   LoggerProvider,
   Logger,
   LogLevelDesc,
-  Strings,
 } from "@hyperledger/cactus-common";
 import {
   ConsortiumDatabase,
@@ -108,19 +108,7 @@ export class ConfigService {
       authorizationConfigJson: {
         doc: "The JSON string to deserialize when configuring authorization.",
         default: null as IAuthorizationConfig | null,
-        format: (json: string) => {
-          if (Strings.isString(json)) {
-            ConfigService.formatNonBlankString(json);
-            try {
-              const authzConf = JSON.parse(json) as IAuthorizationConfig;
-              return authzConf;
-            } catch (ex) {
-              throw new Error(`AUTHORIZATION_CONFIG_JSON invalid JSON`);
-            }
-          } else {
-            return json;
-          }
-        },
+        format: Object,
         env: "AUTHORIZATION_CONFIG_JSON",
         arg: "authorization-config-json",
       },
@@ -513,21 +501,25 @@ export class ConfigService {
 
     const jwtSecret = uuidV4();
 
+    const expressJwtOptions: ExpressJwtOptions = {
+      secret: jwtSecret,
+      algorithms: ["RS256"],
+      audience: "org.hyperledger.cactus.jwt.audience",
+      issuer: "org.hyperledger.cactus.jwt.issuer",
+    };
+
+    const authorizationConfigJson: IAuthorizationConfig = {
+      socketIoPath: Constants.SocketIoConnectionPathV1,
+      unprotectedEndpointExemptions: [],
+      socketIoJwtOptions: {
+        secret: jwtSecret,
+      },
+      expressJwtOptions,
+    };
+
     return {
       authorizationProtocol: AuthorizationProtocol.JSON_WEB_TOKEN,
-      authorizationConfigJson: {
-        socketIoPath: Constants.SocketIoConnectionPathV1,
-        unprotectedEndpointExemptions: [],
-        socketIoJwtOptions: {
-          secret: jwtSecret,
-        },
-        expressJwtOptions: {
-          secret: jwtSecret,
-          algorithms: ["RS256"],
-          audience: "org.hyperledger.cactus.jwt.audience",
-          issuer: "org.hyperledger.cactus.jwt.issuer",
-        },
-      },
+      authorizationConfigJson,
       configFile: ".config.json",
       cactusNodeId: uuidV4(),
       consortiumId: uuidV4(),
diff --git a/packages/cactus-cmd-api-server/src/test/typescript/unit/config/config-service-example-config-validity.test.ts b/packages/cactus-cmd-api-server/src/test/typescript/unit/config/config-service-example-config-validity.test.ts
new file mode 100644
index 0000000000..e73417d289
--- /dev/null
+++ b/packages/cactus-cmd-api-server/src/test/typescript/unit/config/config-service-example-config-validity.test.ts
@@ -0,0 +1,34 @@
+import { LoggerProvider } from "@hyperledger/cactus-common";
+import test, { Test } from "tape-promise/tape";
+
+import { IAuthorizationConfig } from "../../../../main/typescript/public-api";
+import { ApiServer } from "../../../../main/typescript/public-api";
+import { ConfigService } from "../../../../main/typescript/public-api";
+
+test("Generates valid example config for the API server", async (t: Test) => {
+  const configService = new ConfigService();
+  t.ok(configService, "Instantiated ConfigService truthy OK");
+
+  const exampleConfig = configService.newExampleConfig();
+  t.ok(exampleConfig, "configService.newExampleConfig() truthy OK");
+
+  // FIXME - this hack should not be necessary, we need to re-think how we
+  // do configuration parsing. The convict library may not be the path forward.
+  exampleConfig.authorizationConfigJson = (JSON.stringify(
+    exampleConfig.authorizationConfigJson,
+  ) as unknown) as IAuthorizationConfig;
+
+  exampleConfig.configFile = "";
+
+  const convictConfig = configService.newExampleConfigConvict(exampleConfig);
+  t.ok(convictConfig, "configService.newExampleConfigConvict() truthy OK");
+
+  const config = convictConfig.getProperties();
+  t.ok(config, "convictConfig.getProperties() truthy OK");
+
+  LoggerProvider.setLogLevel(config.logLevel);
+  const apiServer = new ApiServer({ config });
+  await apiServer.start();
+  test.onFinish(() => apiServer.shutdown());
+  t.end();
+});