Build A Node.js API Authentication With JWT Tutorial

In this episode we are going to create a Node.js API that handles authentication for us in any application we want to use it in.

We are going to cover an authentication method using JWT. We will use MongoDB as our database, Mongoose to create models and to connect our Express server to the database, bcryptjs to hash passwords, and JSON Web Tokens (JWT) to protect private routes.

Things covered in this video:
00:00:57 Introduction
00:02:32 Setting up express
00:08:12 Connecting to a database
00:14:22 .env files
00:16:39 Creating models in mongoose
00:19:34 Registering a user
00:25:40 Validation with Joi
00:42:35 Hashing passwords
00:48:53 Setting up the login route
00:57:25 Adding jsonwebtokens to our auth
01:03:25 Creating private routes with jwt


32 thoughts on “Build A Node.js API Authentication With JWT Tutorial”

  1. Hey fam, I checked one of your videos and I eventually found myself watching only your tutorials for the next 3 days!
    Great work! Super satisfying to see the ease you work with. Thumbs up from Bulgaria.

  2. VSCode is becoming more and more buggggy with each and every update. Just try an older version of VSCode and it will run so smooth without any visible bugs

  3. Hi dude, great tutorial, it was a pleasure following thru 😀

    I have one proposition and would appreciate your feedback if you think it is a good idea.

    I reworked the validation into middleware as well, like this:

        const Joi = require('@hapi/joi')

        const validation = {}

        // Validate the registration body before the route handler runs
        validation.register = (req, res, next) => {
          const schema = {
            name: Joi.string(),
            email: Joi.string(),
            password: Joi.string()
          }

          const { error } = Joi.validate(req.body, schema)
          if (error) return res.status(400).send(error.details[0].message)

          // Input is valid: hand over to the route handler
          next()
        }

        module.exports = validation

    Then in the route we remove the old validation and simply do the same as for the protected route, passing the new middleware:

        '/register', validation.register, async (req, res) => {………

    Great channel and content, thanks 😀

  4. Good content, but imo you should also spend some time explaining the theory behind JWT, Access Token and Refresh Token. What are the pros and cons etc… Currently the api isn't safe at all and that might mislead learning people if they think it is (What happens and what do you do if a jwt is stolen?). Great content tho.

  5. When I tried to send the request at the /register endpoint using Postman, I got "Couldnt get any response" and there's no error message at my index.js file. What could go wrong with my Postman? My code was the same as yours.

  6. Hi Ed,
    First of all, cool tutorial. Nice talking speed and good coverage of the topic for beginners.
    May I be allowed to give you 2 tips 🙂
    1. Joi can do a lot more than you showed, e.g. datatype transform, setting default values. It's really useful.
    2. Use ESLint to fix/style your code. It really improves the readability (especially for beginners) and helps a lot to understand what is really happening in the code.

    Just an idea to make a series out of this video, you could:
    1. replace nodemon with pm2 (covering multiple processes of the same js-file)
    2. use "plop" to generate middleware, controllers, validations, endpoints
    3. replace express with restify
    4. explain the JWT in more detail (claims and other encryption techniques for the JWT -> public/private key -> public key comes in very handy to verify the token on the client side)
    5. make a small login frontend with auto-renew of the token after it expires

    First video I saw from you, now you have +1 sub 🙂
    Thx for sharing, you are an entertaining teacher 🙂

  7. That was so good! Love your teaching style, really good pace and great practical examples that cover a lot of ground. Really useful, thanks a million. Will go check out your patreon page, keep up the good work, hope you're having a great day when you get this. Thanks again, Maz from NZ

  8. Everyone does this tutorial but never does the front end part, like how can you use this with EJS or something like that. NOOB here, silly questions, please reply.

  9. One hour, 7 minutes and 25 seconds in. I was kinda thirsty, so I took a sip of water. One hour, seven minutes and 35 seconds in, I almost died. Dude, you made my day 🙂

  10. I usually do my dotenv at the very first line in one line like this require("dotenv").config();. You are then free to just use process.env.VARNAME anywhere in the file.

  11. is there a way to check if the password is really hashed? bc if it would fail the password just gets stored plain in the database!
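
One way to make this check in code, as an added example that is not from the video or the commenter: a guard that only lets a value through if it has the shape of a bcrypt hash (version prefix, two-digit cost, 53 characters of salt and digest), so a plaintext password is rejected before it is saved. The function names and the minimum cost of 10 are assumptions.

```javascript
// bcrypt output in modular crypt format: $2a$, $2b$ or $2y$, a two-digit cost,
// then 22 salt characters and 31 digest characters from the bcrypt base64 alphabet.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Returns the cost factor if `value` has the shape of a bcrypt hash, else null.
function bcryptCost(value) {
  if (typeof value !== 'string' || value.length !== 60) return null;
  const m = BCRYPT_RE.exec(value);
  if (!m) return null;
  const cost = Number(m[1]);
  return cost >= 4 && cost <= 31 ? cost : null;
}

// Hypothetical guard to call right before persisting a user document.
// Throws instead of letting a plaintext or low-cost value reach the database.
function assertHashedPassword(user, minCost = 10) {
  const cost = bcryptCost(user.password);
  if (cost === null) {
    throw new Error('password field is not a bcrypt hash; refusing to save');
  }
  if (cost < minCost) {
    throw new Error(`bcrypt cost ${cost} is below the minimum ${minCost}`);
  }
  return user;
}

// Constructed sample values (correct shape only, not real hashes of any password).
const constructedHash = '$2a$10$' + 'a'.repeat(22) + 'b'.repeat(31);
const constructedLowCost = '$2a$08$' + 'a'.repeat(22) + 'b'.repeat(31);
const constructedPlaintext = 'hunter2-plaintext';
```

The check confirms the format of the stored value, not that it is the hash of the right password; that is still what the compare step at login verifies.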

  12. I am not trying to portray a bad image of Traversy Media, but I saw their video and he was very direct and didn't even try to create clean code. I know he has a 23 min video, so he was fast about it, but you not only helped us learn JWT but also so many new packages like @hapi/joi. Also, I wanted to learn about Atlas and it was here in the video. I loved the video. Thousand thumbs up for you.

  13. That was an awesome tutorial. Maybe you could also do a little frontend tutorial, eg. showing the logged in user data in the navbar or something like that.

  14. Hi Brother, when using a Mongoose schema, why create another Joi schema for validation… I guess the Mongoose model will give an error if something invalid is provided in the body??

