If it comes to testing REST APIs I’m a big fan of Postman. But for quick and command line testing I always prefer to use cURL. For developing and testing protected endpoints we need to pass an authorization header. How can we do this with cURL?
Example of using Bearer tokens:
$ curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.comExample request (invalid token):
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Impha3ViQHdwLnBsIiwiaXNzIjoiY291cnNlIn0.wwRWNypw0tLkhnyKPQZ7RSIOlGuwZx3eFEIz2A7r6Ji" http://localhost:8000/protectedResponse:
{"message":"signature is invalid","status":401}Example request (valid token):
Success!More information about jwt tokens and authentication mechanism: