---
title: "Add JWT Authentication to Your Revel API"
description: "Secure your Revel API using JWT authentication with JWKS."
canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/go/revel/jwt-backend"
framework: "Revel"
language: "Go"
authStrategy: "JWT with JWKS"
pageType: use-case
---

# Add JWT Authentication to Your Revel API

Secure your Revel API using JWT authentication with JWKS.

## How Zuplo Handles It

Let Zuplo issue short-lived JWTs signed with a JWKS your Revel backend can verify — no long-lived API keys touch your origin.

## Revel Backend Code

```go
package controllers

import (
    "fmt"
    "strings"

    "github.com/revel/revel"
    jwt "github.com/golang-jwt/jwt/v4"
    "github.com/MicahParks/keyfunc"
)

const (
    jwksURL = "https://my-api-a32f34.zuplo.api/__zuplo/issuer/.well-known/jwks.json"
    issuer  = "https://my-api-a32f34.zuplo.api/__zuplo/issuer"
)

var jwks *keyfunc.JWKS

func init() {
    var err error
    jwks, err = keyfunc.Get(jwksURL, keyfunc.Options{})
    if err != nil {
        panic(fmt.Sprintf("Failed to create JWKS from URL: %s", err))
    }
}

type App struct {
    *revel.Controller
}

func (c App) checkJWT() revel.Result {
    authHeader := c.Request.Header.Get("Authorization")
    if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
        c.Response.Status = 401
        return c.RenderJSON(map[string]string{"error": "No token provided"})
    }

    tokenStr := strings.TrimPrefix(authHeader, "Bearer ")
    token, err := jwt.Parse(tokenStr, jwks.Keyfunc)

    if err != nil || !token.Valid {
        c.Response.Status = 401
        return c.RenderJSON(map[string]string{"error": "Invalid token"})
    }

    if claims, ok := token.Claims.(jwt.MapClaims); ok {
        if claims["iss"] != issuer {
            c.Response.Status = 401
            return c.RenderJSON(map[string]string{"error": "Invalid issuer"})
        }
        c.Args["user"] = claims
    }

    return nil
}

func (c App) Protected() revel.Result {
    if result := c.checkJWT(); result != nil {
        return result
    }

    user := c.Args["user"]
    return c.RenderJSON(map[string]interface{}{
        "message": "Access granted",
        "user":    user,
    })
}
```

## Example Request

```bash
curl -X GET \
  'https://your-api.zuplo.dev/your-route' \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

## Learn More

- [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound)
- [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound)
- [All use cases](https://zuplo.com/use-cases)