Documentation

Use the API to generate JWT-tokens on demand.

Create token

Use the API to create a token

POST /api/token

Body JSON payload

{
  "security": {
    "algorithm": "HS256",
    "secret": "my-super-secret-key-12345"
  },
  "durationInSeconds": 233,
  "registeredClaims": {
    "sub": "123213",
    "iss": "https://auth.yourservice.com",
    "aud": "https://api.yourservice.com"
  }
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3ODEyOTkwNDcsIm5iZiI6MTc4MTI5OTA0NywiZXhwIjoxNzgxMjk5MjgwLCJqdGkiOiJkZTAyNmI4OC00NGUxLTRlMTUtOWQyZi1jYjFhZGY3MGI0NjEiLCJzdWIiOiIxMjMyMTMiLCJpc3MiOiJodHRwczovL2F1dGgueW91cnNlcnZpY2UuY29tIiwiYXVkIjoiaHR0cHM6Ly9hcGkueW91cnNlcnZpY2UuY29tIn0.EWQ8zkhV_z4tXclB_Z9nQ1DpLLF6jNVelgdOPQYjRh4",
  "data": {
    "alg": "HS256",
    "typ": "JWT",
    "iat": 1781299047,
    "nbf": 1781299047,
    "exp": 1781299280,
    "jti": "de026b88-44e1-4e15-9d2f-cb1adf70b461",
    "sub": "123213",
    "iss": "https://auth.yourservice.com",
    "aud": "https://api.yourservice.com"
  }
}

Using the token in API clients

You can use the generated token directly as a Bearer authentication header in tools like Bruno, Postman, and similar API clients. With a simple post-response script, the token can be automatically captured and injected into your collection’s requests, ensuring every call is authenticated without manual copy-pasting. Just extract the token and set Authorization: Bearer <token> at the collection or environment level for seamless request chaining.

For JWT authentication to work as intended, the API you are testing must use the same signing algorithm and secret as the token configuration. If these do not match, signature verification will fail and the token will be rejected even if it is structurally valid.