Why Use JWT for APIs?
JSON Web Tokens (JWT) provide a secure, stateless way to authenticate and authorize API requests. This article explains how to implement JWT in a Node.js application.
1. Understanding JWT
A JWT consists of a header, payload, and signature, encoded in Base64. It’s used to verify user identity and permissions without server-side session storage.
2. Generating a JWT
Install the jsonwebtoken package: npm install jsonwebtoken. Create a token:
const jwt = require('jsonwebtoken');
const token = jwt.sign({ userId: 1 }, 'secretkey', { expiresIn: '1h' });
3. Verifying Tokens
Protect routes by verifying tokens in middleware:
function authMiddleware(req, res, next) {
const token = req.header('Authorization').replace('Bearer ', '');
jwt.verify(token, 'secretkey', (err, decoded) => {
if (err) return res.status(401).send('Unauthorized');
req.user = decoded;
next();
});
}
4. Best Practices
Use HTTPS, store secrets securely, and set short token expiration times to enhance security.
Conclusion
JWTs simplify secure API authentication. Implement them with care, using strong secrets and proper validation, to protect your applications effectively.