JSON JWT Tokens not working

Hi, I have been working with version 1.9 for a short while and have had no problem with tokens. I use the Google REST console to test the API and first I get a token using http://xxx/api/v2/user/session and putting the username and password in the body and the app name in the header…as described like this and POST

"email": "test2@zegaphone.com",
"password": "user123",
"duration": 3600
and setting in the header

X-DreamFactory-Application-Name to be my app name

But when I do exactly the same thing in V2 I get a reply that appears to be a page written by Yahoo!

Here are the first few lines of it…

/* Copyright (c) 2010, Yahoo! Inc. All rights reserved. Code licensed under the BSD License: http://developer.yahoo.com/yui/license.html */ html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,i

Any ideas anyone…I am baffled! Where on earth does this page come from?

Somehow the Yahoo page got knocked off, but my question is any ideas why I get a Yahoo HTML page when I do the same POST to V2 as I did to 1.9?

Check out these links.


Thank you, these tutorials cracked it for me. I had the JWT token in the header but I was missing the API key. For those reading this, the API key is autogenerated under Apps and there you assign a role which you have previously created. The role gives access to the services and voila, a perfectly firmed system for access rights.


Similar to http://wiki.dreamfactory.com/DreamFactory/Tutorials/Access_Using_JWT_and_API_Key

I expected the json calls to not work without JWT. But right now I am able to make calls with just API_KEY. How do I make sure that the JWT is a must for the json to show?

It seems that your api key has a default role attached to it. Remove the default role for the app (api key) and then you will require a session token as well.

Thanks Drew. I suppose that if I remove API option from the roles-access-requester then it will force JWT on each call. How will we put the JWT logic etc. into each request? As of now the calls have stopped working.

Is there a step-by-step tutorial on this, as I suppose this is one of the most critical things to do in deploying an API?

Thanks for your help.


Check out this info in the docs:


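An added example, not posted by anyone in this thread and not DreamFactory's own code: one way to attach the API key and session token to each call, and to check that the API key alone is refused once the app's default role has been removed. The header names, the `session_token` response field, the 401/403 refusal codes and all function names are assumptions made for this sketch.

```python
import json
import urllib.error
import urllib.request

# Header names assumed for DreamFactory 2.x; they are not quoted in this thread.
API_KEY_HEADER = "X-DreamFactory-Api-Key"
SESSION_HEADER = "X-DreamFactory-Session-Token"


def login(base_url, email, password, api_key, opener=urllib.request.urlopen):
    """POST credentials to user/session and return the session token (JWT)."""
    body = json.dumps({"email": email, "password": password}).encode()
    req = urllib.request.Request(
        f"{base_url}/api/v2/user/session", data=body, method="POST",
        headers={"Content-Type": "application/json", API_KEY_HEADER: api_key})
    with opener(req) as resp:
        # Assumption: the token comes back in the "session_token" field.
        return json.load(resp)["session_token"]


def build_request(base_url, resource, api_key, session_token=None):
    """Build a GET for a service resource; the JWT is attached only if given."""
    headers = {API_KEY_HEADER: api_key}
    if session_token:
        headers[SESSION_HEADER] = session_token
    return urllib.request.Request(f"{base_url}/api/v2/{resource}", headers=headers)


def status_of(req, opener=urllib.request.urlopen):
    """Return the HTTP status, treating 4xx/5xx as a result rather than an error."""
    try:
        with opener(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def jwt_is_enforced(base_url, resource, api_key, session_token,
                    opener=urllib.request.urlopen):
    """True only if the API key alone is refused and key plus JWT is accepted."""
    key_only = status_of(build_request(base_url, resource, api_key), opener)
    with_jwt = status_of(
        build_request(base_url, resource, api_key, session_token), opener)
    return key_only in (401, 403) and with_jwt == 200
```

Running `jwt_is_enforced` after every role change catches the case raised above, where a default role on the app lets calls through with the API key only.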