Three-Project Series

JSON Web Token (JWT) Authentication for APIs you own this product

intermediate Java • basics of Java Spring • basics of SQL and JDBC
skills learned
testing APIs with Postman • adding an authentication layer using JSON Web Tokens (JWT) • identifying implementation vulnerabilities
Sashank Dara
3 weeks · 6-8 hours per week average · BEGINNER

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!


5, 10 or 20 seats+ for your team - learn more

In this series of liveProjects, you’re a software developer at a startup called SimplySpend, which helps companies track employee spending. You are entrusted with building procurement applications by creating REST APIs for web and mobile apps. As the apps contain sensitive financial information, you need to add JWT (JSON Web Token)-based authentication and authorization. You’ll use a JWT mechanism to ensure an API is secure against different types of attacks, while still remaining accessible for clients. Each project in this series covers a different part of token authentication, so you can learn the skills that are most relevant to you.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

here's what's included

Project 1 Authentication
In this liveProject, you’ll implement authentication using JSON Web Tokens (JWT) for a REST API. You’ll set up sign-up, login, and logout functionality, as well as authenticated retrieval of user details. You’ll even generate the skeleton implementation of the API, then test your code with Postman.
Project 2 Authorization
In this liveProject, you’ll implement role-based access controls to authorize user operations with JWT. You’ll set up a workflow whereby a purchase order must be approved by a manager, and then develop a functionality to remove permissions from a user once they leave an organization.
Project 3 Fixing Vulnerabilities
In this liveProject, you will secure your REST API by identifying and fixing the basic vulnerabilities in JWT implementations in addition to tackling Cross-Site Scripting vulnerabilities, finding and fixing Cross-Site Request Forgery vulnerabilities, and exploiting and then securing Cross-Origin Resource Sharing misconfiguration.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

choose your plan


only $41.67 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • JSON Web Token (JWT) Authentication for APIs project for free

project author

Sashank Dara

Sashank Dara received his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He’s an expert cybersecurity technologist with more than 17 years of experience in the field, including as a consultant advisor for Manipal Global Education Services’ cybersecurity programs and as a security technology and strategy advisor for security startups including Appknox, Haltdos, and He remains a trusted information security consultant and advisor for top companies in EdTech, IT/ITes, academia, and real estate. He’s the co-inventor of 5 U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security, and he’s published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. A prolific speaker at security conferences and invited talks, Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.


This liveProject is for developers who know the basics of REST API development, and who want to add JWT authentication to their toolbox. To begin this liveProject, you will need to be familiar with the following:

  • Intermediate Java
  • Basics of Java Spring
  • Basics of SQL and JDBC
  • Basics of Linux and command line
  • Java IDEs such as Eclipse or IntelliJ IDEA
  • Testing APIs via PostMan
  • Basic debugging
  • Code reviews
  • Code refactoring
  • Unit testing
  • you will learn

    In this liveProject, you’ll learn reliable techniques for securing any REST API with JWT.

    • Understanding the Procurement API specified in Open API Specification 3.0 using Swagger
    • Setting up the environment to run the reference API implementation provided using Java
    • Testing the basic functionality of the reference API implementation using Postman
    • Adding an authentication layer using JSON Web Tokens (JWT)
    • Identifying the implementation vulnerabilities
    • Fixing the Java code to remediate the vulnerabilities identified
    • Retesting the new code for functionality using Postman


    You choose the schedule and decide how much time to invest as you build your project.
    Project roadmap
    Each project is divided into several achievable steps.
    Get Help
    While within the liveProject platform, get help from other participants and our expert mentors.
    Compare with others
    For each step, compare your deliverable to the solutions by the author and other participants.
    book resources
    Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.