How to Use JWT (JSON Web Tokens) for API Authentication in Python

 How to Use JWT (JSON Web Tokens) for API Authentication in Python

JWT (JSON Web Tokens) is a compact, URL-safe way to securely transmit information between parties. It is widely used for API authentication and user identity verification in web applications.


This guide shows how to use JWT for API authentication in Python using Flask and the PyJWT library.


πŸ”§ Tools and Libraries You’ll Need

Python 3.x


Flask (a lightweight Python web framework)


PyJWT (pyjwt library for encoding/decoding JWTs)


Install required packages:


bash

Copy

Edit

pip install Flask PyJWT

πŸ” Step-by-Step: Using JWT for API Authentication

1. Setup a Simple Flask API

python

Copy

Edit

from flask import Flask, request, jsonify


app = Flask(__name__)

app.config['SECRET_KEY'] = 'your_secret_key'  # Use a secure, random key

2. Generate JWT on Login

When a user logs in successfully, you return a JWT.


python

Copy

Edit

import jwt

import datetime


@app.route('/login', methods=['POST'])

def login():

    auth_data = request.get_json()

    username = auth_data.get('username')

    password = auth_data.get('password')


    # Simulated user check (replace with real validation)

    if username == 'admin' and password == 'password':

        token = jwt.encode({

            'user': username,

            'exp': datetime.datetime.utcnow() + datetime.timedelta(hours=1)

        }, app.config['SECRET_KEY'], algorithm='HS256')


        return jsonify({'token': token})

    

    return jsonify({'message': 'Invalid credentials'}), 401

3. Protect Routes with JWT Authentication

Use a decorator to verify the token before granting access.


python

Copy

Edit

from functools import wraps


def token_required(f):

    @wraps(f)

    def decorated(*args, **kwargs):

        token = None


        if 'Authorization' in request.headers:

            token = request.headers['Authorization'].split()[1]  # Bearer <token>


        if not token:

            return jsonify({'message': 'Token is missing!'}), 403


        try:

            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])

            current_user = data['user']

        except jwt.ExpiredSignatureError:

            return jsonify({'message': 'Token has expired!'}), 401

        except jwt.InvalidTokenError:

            return jsonify({'message': 'Invalid token!'}), 401


        return f(current_user, *args, **kwargs)


    return decorated

4. Create a Protected Route

python

Copy

Edit

@app.route('/protected', methods=['GET'])

@token_required

def protected(current_user):

    return jsonify({'message': f'Hello, {current_user}. You are authenticated!'})

πŸ§ͺ How to Test It

Login to get the token:


bash

Copy

Edit

curl -X POST http://localhost:5000/login -H "Content-Type: application/json" \

-d '{"username": "admin", "password": "password"}'

Access the protected route using the token:


bash

Copy

Edit

curl http://localhost:5000/protected -H "Authorization: Bearer <your_token_here>"

✅ Summary

Step Description

/login route Authenticates and returns a JWT

token_required Decorator that protects your endpoints

/protected A secure route that requires a valid token


πŸ”’ Security Tips

Use HTTPS to protect tokens in transit.


Store secret keys securely (e.g., in environment variables).


Always set an expiration (exp) on tokens.


Use refresh tokens for long-term sessions.

Learn Full Stack Python Course in Hyderabad

Read More

Introduction to Python for Full Stack Developers

Implementing User Authentication in Django

Authentication and Security

Building a Data-Driven Web Application with Python

Visit Our IHUB Talent Training Institute in Hyderabad

Get Directions

Comments

Post a Comment

Popular posts from this blog

How to Install and Set Up Selenium in Python (Step-by-Step)

 Here’s your step-by-step guide to installing and setting up Selenium in Python — perfect if you're just getting started with browser automation. πŸš€ 🐍 Step 1: Install Python If you haven’t already: Download Python: https://www.python.org/downloads/ Make sure to check the box "Add Python to PATH" during installation Verify installation: bash Copy Edit python --version pip --version πŸ“¦ Step 2: Install Selenium Library Open your terminal or command prompt and run: bash Copy Edit pip install selenium To verify: bash Copy Edit pip show selenium 🌐 Step 3: Download WebDriver for Your Browser Depending on what browser you want to automate: πŸ”Ή Chrome: Download ChromeDriver: ➡️ https://sites.google.com/chromium.org/driver/ Make sure the driver version matches your installed Chrome version. πŸ”Ή Firefox: Download GeckoDriver: ➡️ https://github.com/mozilla/geckodriver/releases Unzip and place the executable somewhere on your system, like: Windows: C:\WebDrivers\ Mac/Linux: /usr/local...
Read more

Tosca for API Testing: A Step-by-Step Tutorial

Tosca for API Testing: A Step-by-Step Tutorial Tricentis Tosca is a powerful and user-friendly test automation tool that supports a wide range of testing types — including API testing. With Tosca, you can easily design, automate, and execute API tests without writing any code. It supports REST, SOAP, and other service types, making it a great choice for end-to-end API validation. 🧰 What is Tosca API Testing? Tosca’s API testing allows testers to: Send requests (GET, POST, PUT, DELETE, etc.) Validate responses (status codes, body, headers) Chain requests and share data between them Perform security, load, and functional tests on APIs ✅ Step-by-Step Guide: Tosca API Testing πŸ”Ή Step 1: Open Tosca and Create a Workspace Launch Tosca Commander Create a new workspace (or open an existing one) Choose the workspace type as Multi-user or Single-user based on your setup πŸ”Ή Step 2: Add a New API Test Case Navigate to the Modules section. Right-click and choose Scan > API Scan. The API Scan wi...
Read more

Feeling Stuck in Manual Testing? Here’s Why You Should Learn Automation Testing

Feeling Stuck in Manual Testing? Here’s Why You Should Learn Automation Testing Are you feeling like your manual testing career is hitting a ceiling? You’re not alone. Many QA professionals start their careers in manual testing but soon realize the need to level up. If you’re wondering what’s next, automation testing might just be the breakthrough you need. Why Manual Testing Isn’t Enough Anymore Manual testing is essential, especially in exploratory, usability, and ad-hoc testing scenarios. But as applications grow more complex and development cycles become shorter, manual testing can’t keep up. Companies are looking for faster, more efficient testing methods—and that’s where automation comes in. Here are a few signs that you're stuck in manual testing: Repeating the same test cases for every build Working on tight deadlines with limited test coverage Seeing peers move ahead with automation skills Lack of growth in responsibilities or pay scale If any of this sounds familiar, it...
Read more