If it comes to testing REST APIs, I’m a big fan of Postman. But for quick and command-line testing, I always prefer to use cURL. For developing and testing protected endpoints, we need to pass an authorization header. How can we do this with cURL?
Example of using Bearer tokens:
1 |
$ curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com |
Example request (invalid token):
1 |
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Impha3ViQHdwLnBsIiwiaXNzIjoiY291cnNlIn0.wwRWNypw0tLkhnyKPQZ7RSIOlGuwZx3eFEIz2A7r6Ji" http://localhost:8000/protected |
Response:
1 |
{"message":"signature is invalid","status":401} |
Example request (valid token):
1 |
Success! |
More information about jwt tokens and authentication mechanism: