---
title: "Add JWT Authentication to Your Vert.x API"
description: "Secure your Vert.x API using JWT authentication with JWKS."
canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/javapolyglot/vertx/jwt-backend"
framework: "Vert.x"
language: "Java/Polyglot"
authStrategy: "JWT with JWKS"
pageType: use-case
---

# Add JWT Authentication to Your Vert.x API

Secure your Vert.x API using JWT authentication with JWKS.

## How Zuplo Handles It

Let Zuplo issue short-lived JWTs signed with a JWKS your Vert.x backend can verify — no long-lived API keys touch your origin.

## Vert.x Backend Code

```java
import io.vertx.core.AbstractVerticle;
import io.vertx.core.http.HttpServerResponse;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.auth.jwt.impl.jwk.JWKProvider;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.JWTAuthHandler;

public class JwtAuthExample extends AbstractVerticle {

    @Override
    public void start() {
        Router router = Router.router(vertx);

        // Set the JWKS URI
        String jwksUri = "https://my-api-a32f34.zuplo.api/__zuplo/issuer/.well-known/jwks.json";

        // Create the JWK provider
        JWKProvider jwkProvider = new JWKProvider(vertx, jwksUri);

        // Configure the JWT Auth options
        JWTAuthOptions config = new JWTAuthOptions()
            .setJwkProvider(jwkProvider)
            .setJWTOptions(new JWTOptions().addIssuer("https://my-api-a32f34.zuplo.api/__zuplo/issuer").setAlgorithm("RS256"));

        // Create the JWT Auth provider
        JWTAuth provider = JWTAuth.create(vertx, config);

        // Protect the route with JWT authentication
        router.route("/protected").handler(JWTAuthHandler.create(provider)).handler(this::handleProtectedRoute);

        // Setup the HTTP server
        vertx.createHttpServer()
            .requestHandler(router)
            .listen(8080, result -> {
                if (result.succeeded()) {
                    System.out.println("Server started on port 8080");
                } else {
                    System.err.println("Failed to start server: " + result.cause());
                }
            });
    }

    private void handleProtectedRoute(RoutingContext context) {
        HttpServerResponse response = context.response();
        response.putHeader("content-type", "application/json");
        response.end("{\"message\":\"Access granted\", \"user\":" + context.user().principal().encode() + "}");
    }
}
```

## Example Request

```bash
curl -X GET \
  'https://your-api.zuplo.dev/your-route' \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

## Learn More

- [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound)
- [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound)
- [All use cases](https://zuplo.com/use-cases)