How to Secure Your API With JSON Web Tokens

A simple way of adding authorization to your Express app

Ferenc Almasi
6 min readApr 3, 2020
How to secure Express REST API with JWT

When building an API, we usually have to restrict who can reach which resources and routes. The classic way to do this is with sessions: the server keeps the session state (in memory, or in a store such as Redis), and the client only holds an opaque session ID, typically in a cookie, that the server looks up on every request.

But we can also turn this around: put the state inside a signed token that the client stores and sends with every request, so the server only has to verify the signature instead of looking anything up. We will take a look at how this can be achieved with JWT.

Okay, so what is JWT?

What is JWT?

JSON Web Tokens are an open, industry standard (RFC 7519) method for representing claims between two parties in a way the receiving party can verify. In the common signed form, the payload is only base64url-encoded, not encrypted, so anyone holding the token can read it; what the signature gives you is integrity and proof of who issued it.

The most common scenario for using JWT is authorization. Once a user is logged in, each subsequent request includes the token (typically in an Authorization: Bearer header). The server checks the token's signature and expiry before letting the request reach routes that are only permitted to authenticated users. Because no server-side state is involved, a stolen token keeps working until it expires, which is why tokens should have a short lifetime.

Each token is made up of three parts:

  • header: states the token type and the signing algorithm (for example HS256). The header is part of the token the client presents, so the server must pin the algorithm it accepts rather than let the header choose it.
  • payload: the claims, which can be any JSON data. Usually, you would store information that identifies the user, such as an id…


Ferenc Almasi

💻 Frontend dev • ✍️ Creator of webtips.dev • 🐦 Tweets at @WebtipsHQ