JWT Token for API Endpoints

I’m using CMS pages (not plugins) to construct an API, according to the last documentation:


The endpoints are working fine, but now I need to implement authorization. So, I think the best approach is to use JWT tokens.
I found a plugin (Vdomah.JWTAuth) to manage JWT Authentication. Now I’m able to log in a user (defined within Rainlab.User plugin) and get a valid token. But I can’t figure out how to use the provided middleware to protect the API pages that I have created in the active theme.

Any suggestions or comments will be greatly appreciated.

Hi @jeraso

For this you can create a layout and use it as middleware. Assuming that the JWTAuth package has a “check” function JWTAuth::authenticate(), you can use it to abort the request. For example:

description = "My Layout"
function onStart()
    if (!JWTAuth::authenticate()) {
        return Response::make(['message' => 'Auth Failed'], 403);
{% page %}

Then use this layout for the API pages.

Thanks for your answer.

Some days ago, I realized the way to use a layout as middleware, by reading the documentation and the support entries for the plugin.