How To Create JWT Token Using Postman
How to Create and Use JWT Tokens in Postman for API Testing
JSON Web Tokens (JWT) are a standardized, compact, and self-contained way for securely transmitting information between parties as JSON objects. Common use cases include authentication and authorization. Postman, a popular API testing platform, provides tools to interact with JWT-based APIs, making it a valuable tool for developers and testers working with these APIs.
Generating a JWT Token Using Postman
For this example, we will use a hypothetical API that requires JWT authentication. The API specifies the following endpoint for obtaining a JWT:
POST /api/auth/login
Step 1: Send a Login Request:
- Open Postman and create a new request.
- Set the HTTP method to POST and the URL to /api/auth/login.
- In the Body tab, add the necessary login credentials (e.g., username and password) as a JSON object, such as:
{ "username": "testuser", "password": "testpassword" }
- Send the request and observe the response.
Step 2: Extract the JWT Token:
- The response from the /api/auth/login endpoint should contain the JWT token.
- You can extract the token using a Postman test script. A simple example:
pm.test("JWT Token Retrieved", () => {
  // Read the token from the JSON response and keep it for later requests.
  const jwtToken = pm.response.json().token;
  pm.environment.set("jwtToken", jwtToken);
  // Debug output: the token appears in plain text in the Postman console.
  console.log("JWT Token:", jwtToken);
});
- This script retrieves the token from the response body (pm.response.json().token), stores it in an environment variable named "jwtToken" (pm.environment.set("jwtToken", jwtToken)), and logs it to the console.
Using the JWT Token in Subsequent Requests
Step 3: Set the Authorization Header:
- Authorization header: The JWT token must be included in the Authorization header of your subsequent requests to the API.
- In Postman, select the request you want to authorize and click the Authorization tab.
- Choose Bearer Token as the type.
- In the Token field, enter your JWT token (you can reference the environment variable using {{jwtToken}}, Postman's variable syntax).
Example:
- This example demonstrates a GET request for /api/users that is authenticated using the previously generated JWT token.
- Request URL: GET /api/users
- Authorization:
  - Type: Bearer Token
  - Token: {{jwtToken}}
Step 4: Send the Request:
- Send your authenticated request to the API.
- The API will now verify the JWT and grant you access to the requested resource if the token is valid.
JWT Token Verification
Step 5: Understand JWT Structure:
- Header: Contains information like the token type (e.g., JWT) and the signing algorithm used (e.g., HS256).
- Payload: Carries the claims about the user or the information being transmitted. It is Base64URL-encoded, not encrypted, so anyone who holds the token can read it.
- Signature: Ensures token integrity and authenticity. It is generated using a secret key and a cryptographic algorithm.
Step 6: Verify JWT Claims:
- You can analyze the JWT payload to verify the user or resource information and identify potential issues.
Troubleshooting:
- If you encounter errors during JWT authentication, check that you are correctly sending the JWT in the Authorization header.
- Ensure that the API server’s JWT secret key matches the one used to generate the token.
- Debug the JWT payload to verify the contents and the expiration time.
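The payload inspection described in Step 6 and in the troubleshooting list, as an added example that is not part of the original guide: it decodes a token locally and reports expiry and unsigned-token problems. The function names and the sample token are constructed for illustration, and the code assumes Node.js (it uses the global Buffer).

```javascript
// Added example: decode a JWT locally and flag claim problems.
// Decoding does not verify the signature; only a holder of the key can do that.
function b64urlDecode(segment) {
  // Base64URL uses '-' and '_' instead of '+' and '/', and drops '=' padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("Not a compact JWT: expected header.payload.signature");
  }
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));
  const problems = [];
  if (!header.alg || String(header.alg).toLowerCase() === "none") {
    problems.push("unsigned token (alg missing or 'none')");
  }
  if (parts[2] === "") problems.push("empty signature segment");
  if (typeof payload.exp !== "number") {
    problems.push("no exp claim: token never expires");
  } else if (payload.exp <= nowSeconds) {
    problems.push(`expired ${nowSeconds - payload.exp}s ago`);
  }
  if (typeof payload.nbf === "number" && payload.nbf > nowSeconds) {
    problems.push("not yet valid (nbf is in the future)");
  }
  return { header, payload, problems };
}

// Constructed sample token (not from a real API); the signature is a dummy value.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.ZHVtbXktc2lnbmF0dXJl`;
}

const sample = makeSampleToken({ sub: "testuser", exp: 1700000000 });
const report = inspectJwt(sample, 1700000100); // "now" is 100 s after exp
console.log(report.payload.sub, report.problems);
```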
Conclusion
Creating and utilizing JWT tokens in Postman for API testing helps streamline the process of authenticating to your APIs and validating the functionality of different endpoints. This guide has provided a comprehensive approach to handling JWTs using Postman, making your API testing workflow more efficient and effective.