Using cURL to authenticate with JWT Bearer tokens

What I learned today — 29 August 2018

Postman doesn’t have nice support for authenticating with an API that uses simple JWT authentication and Bearer tokens. Whatever the question, cURL is usually the answer.

Get the Bearer token using cURL and jq

TOKEN=$(curl -s -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' --data '{"username":"{username}","password":"{password}","rememberMe":false}' https://{hostname}/api/authenticate | jq -r '.id_token')

In this example the API expects a POST body with “username”, “password” and “rememberMe” fields. Adapt according to your own needs.

jq is used to parse the JSON response, which contains the token in a field called “id_token”.

Pass the Bearer token in the Authorization header

curl -H 'Accept: application/json' -H "Authorization: Bearer ${TOKEN}" https://{hostname}/api/myresource

Niel de Wet

Written by

Full-stack developer at South African blockchain startup

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade