This project is a secure REST API built using Flask that demonstrates user authentication and authorization using JSON Web Tokens (JWT). It allows users to register and log in securely, with passwords stored using hashing (bcrypt).
Once authenticated, users receive a JWT token, which must be included in requests to access protected endpoints. The API validates this token to ensure only authorized users can access sensitive routes.
The project focuses on implementing core security concepts such as password hashing, token-based authentication, and route protection in a simple and practical way. It is designed as a demonstration of backend security fundamentals commonly used in real-world applications.
- User Registration
- User Login
- Password Hashing using bcrypt
- JWT Token Generation
- Protected Routes (Token Required)
- Python (Flask)
- SQLite
- bcrypt
- PyJWT
- Postman (API testing)
```bash
git clone <your-repo-link>
cd <project-folder>
pip install -r requirements.txt
python create_db.py
python secure.py
```
- `POST /register`
- `POST /login`
- `GET /profile` (requires the JWT in the request header: `Authorization: Bearer <your_token>`)
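As an added example (not the project's own code from `secure.py`), here is the register/login/profile flow described above, implemented with the Python standard library only so it runs offline: `hashlib.pbkdf2_hmac` stands in for bcrypt, a hand-written HS256 signer/verifier stands in for PyJWT's `jwt.encode`/`jwt.decode`, and an in-memory dict stands in for the SQLite user table. All function names, the secret key and the token lifetime are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo secret; a real deployment loads this from the environment.
SECRET_KEY = b"demo-secret-change-me"
TOKEN_TTL_SECONDS = 3600
PBKDF2_ROUNDS = 200_000

# --- Password hashing (PBKDF2 as a stand-in for bcrypt) ---
def hash_password(password):
    """Return 'salt$digest' with a fresh random salt per user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()

def verify_password(password, stored):
    salt_b64, digest_b64 = stored.split("$", 1)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)  # constant-time compare

# --- Minimal HS256 JWT (what PyJWT does inside jwt.encode / jwt.decode) ---
def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def create_token(username, now=None):
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token, now=None):
    """Return the payload if algorithm, signature and expiry all check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm we issue; never trust the token's own alg field.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET_KEY, (header_b64 + "." + payload_b64).encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
        if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
            return None
        return payload
    except ValueError:  # bad base64, bad JSON, wrong segment count
        return None

# --- Route logic without the framework; returns (status, body) like a Flask view ---
USERS = {}  # in-memory stand-in for the SQLite users table

def register(username, password):
    if username in USERS:
        return 409, {"error": "user exists"}
    USERS[username] = hash_password(password)
    return 201, {"message": "registered"}

def login(username, password):
    stored = USERS.get(username)
    # Same response whether the user is missing or the password is wrong.
    if stored is None or not verify_password(password, stored):
        return 401, {"error": "invalid credentials"}
    return 200, {"token": create_token(username)}

def profile(headers, now=None):
    """Protected route: expects 'Authorization: Bearer <token>'."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, {"error": "missing bearer token"}
    payload = verify_token(token, now)
    if payload is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"username": payload["sub"]}
```

The points worth copying into the Flask version are in `verify_token` and `login`: the algorithm is pinned to HS256 rather than read from the token, the signature and the password digest are compared in constant time, `exp` is enforced, and a failed login returns the same message for an unknown user and a wrong password. With PyJWT the equivalent of the pinning is passing `algorithms=["HS256"]` to `jwt.decode`.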
- The API can be tested using Postman
- Include the JWT in the `Authorization` header (`Bearer <your_token>`) for protected routes
- The database file is not included; it is created locally by running `create_db.py`