Using JSON Web Tokens (JWT)

You might be using JSON Web Tokens (JWT) as part of the authentication process in your API. In that case, you may need to encode or decode a JWT as part of your testing workflow. RapidAPI Testing allows you to perform this action right within your testing flow.

JWT Encode

We will first start with JWT encoding. Let's walk through a simple example where you want to verify that your endpoint generates a correct JWT token.

First, we can use the JWT Encode step to encode a default test user's information.

  1. Variable is the name of the variable in which the resulting token is stored. In the example below, if subsequent steps need to use the token, we will access it through jwt_token.
  2. Secret, Payload, and Header are where you enter your secret, payload, and header, respectively.

We can then use the jwt_token variable in subsequent steps to access the token we just generated.

JWT Decode

Next, JWT decoding. We will use another simple example where we have a JWT token that we want to decode in order to verify the user name encoded in it.

First, we will add the JWT Decode step.

  1. Enter the token that we want to decode in the Token field.
  2. Enter a named variable in the Variable field. This is how we will access the decoded information in subsequent steps of the test.
  3. If you want the JWT signature to be validated as part of this step, you can provide the secret in the Secret field. Note that if the signature does not validate, this step will fail.

As a result of the above step, the decoded payload is now stored in the decodedToken variable. Let's say our next step is to assert that the name encoded in the token was John Doe. We can simply add an Assert Equals step, with decodedToken.name as the Expression, and John Doe as the Value.
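
What the Encode and Decode steps compute, as an added Python illustration (not RapidAPI Testing's own code), assuming the HS256 algorithm. The helper names, the secret and the altered payload are constructed for this example; it shows that a decode without the Secret reads the payload without authenticating it, while a decode with the Secret fails on a modified token.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for each JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_encode(secret: str, payload: dict, header: dict) -> str:
    """Build header.payload.signature, signed with HMAC-SHA256 (HS256)."""
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def jwt_decode(token: str, secret=None) -> dict:
    """Return the payload; the signature is checked only when a secret is given."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if secret is not None:
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
            raise ValueError("unexpected alg")
        signing_input = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("signature does not validate")
    return json.loads(b64url_decode(payload_b64))

# Constructed sample values mirroring the walkthrough above
SECRET = "test-secret"
jwt_token = jwt_encode(SECRET, {"name": "John Doe"}, {"alg": "HS256", "typ": "JWT"})
decodedToken = jwt_decode(jwt_token, SECRET)

# Test fixture: same header and signature, different payload
head, _, sig = jwt_token.split(".")
altered = ".".join([head, b64url(b'{"name":"Jane Roe"}'), sig])
```

In a test flow this means an Assert Equals on decodedToken.name only says something about the token's authenticity when the Decode step was given the Secret.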
