Token based authentication

[alexander-chi]

Good afternoon,
I've started trying out payload in order to test its functionality with a view to replacing strapi. My only question is when using token authentication, why choose to require the Authorization header to be prefixed with "JWT" instead of the more conventional "Bearer"?

[DanRibbens]

Hey @alexander-chi,
We had the JWT as part of the authorization header to differentiate from other auth schemes. Now that I'm reviewing it based on your feedback, it may be something we consider changing. You may be interested in reading our documentation about api keys if you haven't already: https://payloadcms.com/docs/authentication/config#api-keys

Thanks for your interest in Payload and let us know if you have more questions!

[DanRibbens]

Hows it going @alexander-chi?
Let us know if we can help with anything.

[alexander-chi]

Hi there! thanks for your quick response and sorry for my slow reply. Our team is getting on fine thank you. We have been able to implement Payload in a test project and it's working really well for us. The discussion I raised does not affect the functionality of the project, I just raised the question out of curiosity.

Thanks again,

Alex

[gycsabesz]

Hi @DanRibbens, I'm a new Playload CMS user and I was trying to figure out how to use REST API with authorization token (i.e.: without cookies).

I think it is missing from the documentation that you need to use JWT <TOKEN> as Authorization header.

Obviously, what I tried first is the traditional Bearer prefix. Then I went through on several pages of PayloadCMS doc, but no luck. Luckily I found this discussion, which resolved my issue 😄

[DavidOliver]

@gycsabesz, it's at the bottom of https://payloadcms.com/docs/authentication/overview :)

[gycsabesz]

That's true, I didn't notice that one. :-/