Discover Our Blog

Token Based Authentication API in Rails with the help of JWT and Knock

Token Based Authentication API in Rails with the help of JWT and Knock


If you want to create Rails Application dependent on API only and you have a requirement to provide Token based authentication in your application. So you can use JWT+ KNOCK token based Authentication solution.


Knock is an authentication solution for Rails API-only application based on JSON Web Tokens.

JWT is JSON based web tokens.


Advantages of using JWT and Knock in Ruby on Rails Application:


  • JWT:


1. It is lightweight

2. It is easy to use

3. It is stateless


  • Knock:


1. Seamless JWT authentication for Rails API

2. It is easy to implement and maintain.

3. It allows customization.


Step 1: Create Rails API Project


rails new project_name --api -d mysql 



# --api specifies the rails application is API based

# -d mysql specifies that we use mysql database in this application


Step 2 : Add gem


Add following gem into project_name/Gemfile


gem 'knock' 

gem 'jwt'


gem file looks like


Token Authentication in Rails Application

Figure 1: Gemfile for JWT and Knock


Next to run command on terminal for installing gem in application.

bundle install 


Step 3. Setup a basic Knock structure.


Run following command


rails generate knock:install 

rails generate knock:token_controller user


Now run the following commands to setup your Rails application.


rails generate model users 

rails generate controller users 

rails generate controller home



If you add custom model so you can do it


File Location: project_name/db/migrate/:random_number_create_users.rb


Migration file in Ruby on Rails Application

Figure 2: Migration File


Run following command to create User table


rake db:migrate 


Step 4 . Authorization/Knock Setup:


File Location: project_name/config/initializers/knock.rb


Knock Setup in Rails Application

Figure 3: Knock.rb file


Step 5. Setup your User model with some basic validation.



File Location: project_name/app/model/user.rb



Your user model look like this.


Knock and JWT in Rails Application

Figure 4: User.rb file


Now you can setup controller to access the Authentication.


Add include Knock::Authenticable 


File Location: project_name/app/controller/application_controller.rb


Application Controller in Rails Application

Figure 4: Application Controller

Also each and every method call pass though knock authentication.


Add before_action :authentication_user, only[:auth]


Here auth is a method to check client is authorized.


In home controller there is index method and auth method for login.


File Location: project_name/app/controller/api/v1/home_controller.rb


Home Controller | Ruby on Rails Developer

Figure 6: Home Controller


File Location: project_name/app/controller/api/v1/users_controller.rb

In user controller there is index, current method for current user data and create method for creating new user. Also you can add update and delete method.


Add authentication on required method with help of authentication_user , authorize_as_admin, and authorize method.


User Controller in Ruby on Rails Application

Figure 7: User Controller

Final Step: Test API


We test API with help of Postman.


1. User creation API: API endpoint is http://localhost:3000/api/v1/users/create


We send parameter in body for user creation so that API method type POST. After calling API we get successful response with status 200 and and message “User was created ”.


After user creation we go to login API, but for application login we need a token so we need to call token API.


User Create API - Rails Application | Token Authentication


Figure 8: User create API



2. API Endpoint: http://localhost:3000/api/v1/user_token


For user token we need to send email id and password in body of method type POST.


If email id and password is valid to API we get jwt token from knock in response.


Great we now got token. With help of this we access knock authorized method.


User Token API - Rails Application Development

Figure 9: User_token API


3. Login API:


API Endpoint: http://localhost:3000/api/vi1/auth


we sent jwt token in header of API and content type is applicationJson.


Authentication: Bearer jwt token

content type: : applicationJson.


If everything is OK, then we get successful response.


Rails Application - Token Based Authentication API

Figure 10: Login with jwt token


These two gems Knock + JWT can help us to develop token based API in Rails 5 very easily and will save the overall time required in Ruby on Rails development.


  1. thanks for sharing this type of useful information. I am a ruby on rails developer India and I like to learn more about the API and rails.

Leave a comment: