---
title: "Add JWT Authentication to Your Micronaut API"
description: "Secure your Micronaut API using JWT authentication with JWKS."
canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/java/micronaut/jwt-backend"
framework: "Micronaut"
language: "Java"
authStrategy: "JWT with JWKS"
pageType: use-case
---

# Add JWT Authentication to Your Micronaut API

Secure your Micronaut API using JWT authentication with JWKS.

## How Zuplo Handles It

Let Zuplo issue short-lived JWTs signed with a JWKS your Micronaut backend can verify — no long-lived API keys touch your origin.

## Micronaut Backend Code

```java
import io.micronaut.context.annotation.Requires;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.filters.SecurityFilter;
import io.micronaut.runtime.Micronaut;
import io.micronaut.security.rules.SecurityRule;
import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import io.micronaut.http.HttpStatus;
import io.micronaut.security.token.jwt.signature.jwks.JwksSignature;
import io.micronaut.security.token.jwt.validator.JwtTokenValidator;
import io.micronaut.security.token.validator.TokenValidator;
import jakarta.inject.Singleton;
import java.util.Optional;

@Singleton
@Requires(property = "spec.name", value = "jwksJwtAuth")
class JwtConfig {

    @Singleton
    TokenValidator createTokenValidator() {
        return new JwtTokenValidator(JwksSignature.builder()
                .url("https://my-api-a32f34.zuplo.api/__zuplo/issuer/.well-known/jwks.json")
                .build());
    }
}

@Controller("/api")
public class ProtectedController {

    @Get("/protected")
    @io.micronaut.security.annotation.Secured(SecurityRule.IS_AUTHENTICATED)
    public String protectedEndpoint(Authentication authentication) {
        return "Access granted for user: " + authentication.getName();
    }
}

public class Application {
    public static void main(String[] args) {
        Micronaut.run(Application.class, args);
    }
}

// application.yml
micronaut:
  security:
    enabled: true
    token:
      jwt:
        signatures:
          jwks:
            url: "https://my-api-a32f34.zuplo.api/__zuplo/issuer/.well-known/jwks.json"
```

## Example Request

```bash
curl -X GET \
  'https://your-api.zuplo.dev/your-route' \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

## Learn More

- [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound)
- [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound)
- [All use cases](https://zuplo.com/use-cases)