RESTful API with Authentication (Part 2)


Compared with HTTP Basic Authentication and access tokens, API Key + Security Key + Sign is the most frequently used way of building a RESTful API with authentication. One example of such a (similar) protocol is JWT. The workflow is (from its own website):

A JWT is just a string consisting of three parts: header, payload and signature.

  • Header
    Describes basic information about the JWT, such as the signing algorithm (the alg field).

The example above shows that this JWT uses HS256.

  • Payload

iss: issuer claim, who issued the JWT
iat: issued-at claim, the time at which the JWT was issued
exp: expiration claim, the date and time after which the JWT is no longer valid
aud: audience claim, which users or services the JWT is intended for
sub: Subject claim,

  • Signature

JWT base64url-encodes the header and the payload, joins them with a dot, and signs the result with a secret provided by the user, in the following format:

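As an added example that is not part of the original post, the following standard-library Python builds an HS256 JWT in that header.payload.signature format and then verifies one the way a resource server should: it pins the expected algorithm instead of trusting the token's alg field, checks the signature in constant time before reading any claim, and then checks iss, aud and exp. The secret and claim values are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values for the demonstration (not real credentials).
SECRET = b"constructed-demo-secret"
CLAIMS = {"iss": "auth.example", "aud": "orders-api", "sub": "alice",
          "iat": 1700000000, "exp": 1700003600}

def b64url(data: bytes) -> str:
    # JWT segments use base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _compact(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()

def encode_hs256(payload: dict, secret: bytes) -> str:
    # "header.payload" is the signing input; the third segment is HMAC-SHA256 over it.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url(_compact(header)) + "." + b64url(_compact(payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def decode_hs256(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Verify and return the claims; raise ValueError on any failed check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    # Pin the algorithm: the verifier decides, never the token (rejects alg=none).
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Constant-time comparison, and the signature is checked before any claim is used.
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("missing or expired exp")
    return claims
```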
Some JWT tools:

