---
title: "Add JWT Authentication to Your Kong API"
description: undefined
canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/lua/kong/jwt-backend"
framework: undefined
language: undefined
authStrategy: "JWT with JWKS"
pageType: use-case
---

# Add JWT Authentication to Your Kong API



## How Zuplo Handles It

Let Zuplo issue short-lived JWTs, signed with a key published in a JWKS that your Kong backend can verify, so no long-lived API keys touch your origin.

## Kong Backend Code

```lua
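-- Make sure to install and configure the required plugins in Kong: 'jwt' and 'jwt-keyset'.
-- Add the JWKS URI and other configurations in your service/route configuration.
-- The tables below sketch the Kong entities; in practice they are created through
-- the Admin API or declarative config rather than built in Lua.

-- Step 1: Define the service
local service = {
  name = "my_service",
  url = "https://my-api.zuplo.com",
}

-- Step 2: Define the route and enable JWT plugin
-- NOTE: keyset, algorithms and upstream_headers are not part of the schema of
-- Kong's bundled 'jwt' plugin; this table assumes the JWKS-capable 'jwt-keyset'
-- plugin named above provides them.
local route = {
  service = {
    -- Reference the service by name: the table above has no id until Kong creates it.
    name = service.name,
  },
  paths = {"/protected"},
  plugins = {
    {
      name = "jwt",
      config = {
        key_claim_name = "kid",  -- Select the verification key by the token's kid
        keyset = {
          name = "my_keyset",
          jwks_uri = "https://my-api-a32f34.zuplo.api/__zuplo/issuer/.well-known/jwks.json",
          cache = true,
          cache_ttl = 600,  -- Cache JWKS for 10 minutes
        },
        algorithms = {"RS256"},  -- Accept only RS256, whatever the token's alg header says
        claims_to_verify = {"exp", "nbf"},  -- Reject expired and not-yet-valid tokens
        upstream_headers = {
          ["Authorization"] = "Bearer %s",
        }
      }
    }
  }
}

-- Step 3: Error handling via custom plugins (if needed)
-- For example, log errors, alert, or customize error responses.

-- Example route for demonstration purposes:
-- This is already protected by the JWT plugin specified above.
local function example_handler(self, conf)
  local response = {
    message = "Access granted",
    -- Assumes an earlier plugin stored the decoded claims under this key; the bundled
    -- 'jwt' plugin only exposes the raw token as kong.ctx.shared.authenticated_jwt_token.
    user = kong.ctx.shared.jwt_claims
  }

  -- Return so that nothing else in the handler runs after the response is sent.
  return kong.response.exit(200, response)
end

-- Note: This code assumes the necessary setup and configuration in Kong for services,
-- routes, and JWT plugin is appropriately made via the Admin API or declarative config.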
```
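
The same checks written as a Kong declarative config that uses only fields of the bundled `jwt` plugin, which matches tokens against per-consumer credentials instead of fetching a JWKS. This is an added example, not code from the original page or from Zuplo or Kong; the upstream URL, consumer name, `kid` value, 300-second lifetime cap and PEM key are placeholders or assumptions.

```yaml
# Added example, not from the original page. Placeholders are in ALL CAPS.
_format_version: "3.0"

services:
  - name: my_service
    url: http://UPSTREAM_HOST:8080        # hypothetical upstream behind Kong
    routes:
      - name: protected
        paths:
          - /protected
        plugins:
          - name: jwt
            config:
              # Look up the credential whose `key` equals the token's `kid`
              # (the plugin checks the claims first, then the JOSE header).
              key_claim_name: kid
              # Reject expired and not-yet-valid tokens.
              claims_to_verify:
                - exp
                - nbf
              # Assumed cap: refuse tokens whose exp is more than 5 minutes away.
              maximum_expiration: 300

consumers:
  - username: zuplo-gateway               # hypothetical consumer for the issuer
    jwt_secrets:
      # One entry per signing key published in the issuer's JWKS.
      - key: KID_FROM_JWKS
        # The algorithm is pinned on the credential, not taken from the token.
        algorithm: RS256
        rsa_public_key: |
          -----BEGIN PUBLIC KEY-----
          PEM_ENCODING_OF_THE_JWK_WITH_THIS_KID
          -----END PUBLIC KEY-----
```

With this setup a key rotation at the issuer has to be mirrored by adding the new key as another `jwt_secrets` entry before tokens signed with it arrive.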

## Example Request

```bash
curl -X GET \
  'https://your-api.zuplo.dev/your-route' \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

## Learn More

- [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound)
- [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound)
- [All use cases](https://zuplo.com/use-cases)
