> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flipt.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Using JSON Web Tokens

> This document explains how to handle JSON Web Tokens via both HTTP and gRPC.

## HTTP

JSON Web Tokens can only be presented via HTTP requests in the form of an `Authorization` header.

### `Authorization` Header

For applications that communicate with Flipt over HTTP, the `Authorization` header is required.

It must be provided in the form `Authorization: JWT <jwt>`.

The following examples illustrate this in the context of various programming languages:

<CodeGroup>
  ```go client.go theme={null}
  import (
    "context"
    "net/http"
  )

  func main() {
    req := http.NewRequest("GET", "https://flipt.your.instance/api/v1/flags", nil)
    req.Header.Set("Authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

    resp, err := http.Do(req)
    // ...
  }
  ```

  ```typescript client.ts theme={null}
  import fetch from 'node-fetch';

  const headers = { 'Authorization': 'JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c' }
  const response = await fetch('https://flipt.your.instance/api/v1/flags', { headers: headers })
  ```

  ```python client.py theme={null}
  import requests

  def doRequest():

    headers ={"Authorization": "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}
    requests.get("https://flipt.your.instance/api/v1/flags", headers=headers)

    return
  ```
</CodeGroup>

## GRPC

For gRPC we use the [Metadata](https://grpc.io/docs/what-is-grpc/core-concepts/#metadata) functionality similar to HTTP Headers.
The lower-case `authorization` metadata key should be supplied with a single string `JWT <jwt>` to any RPC calls.

### Example

The following example authenticates a single gRPC client request:

```go rpc.go theme={null}
func DoRequest(ctx context.Context, flagKey string) {
  ctx := metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

  flag, err := flipt.GetFlags(ctx, &flipt.GetFlagRequest{
    Key: flagKey,
  })

  //...
}
```

This subsequent example demonstrates using a client unary interceptor, which authenticates all outgoing requests:

```go interceptor.go theme={null}
func AuthUnaryClientInterceptor(optFuncs ...CallOption) grpc.UnaryClientInterceptor {
    return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
        ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
        return invoker(ctx, method, req, reply, cc, opts...)
	}
}
```