The CakePHP framework is very popular and has been used in many projects. It has its own powerful ORM and good, flexible routing. If you want a complete list of CakePHP's features, you can check here. In my last post, I explained how to create web services in CakePHP 3; read that post if you want to learn the basics of creating web services in CakePHP. In this post, I will teach you how to secure your web APIs or services using JWT (JSON Web Token). I have already written a post on securing a Slim Framework API using JWT; you can read it at the link below.

Secure Slim PHP API’s using JWT

In this post, I will explain how to implement JWT in a CakePHP web service to make our web service more secure. So without wasting any time, let's get started. Follow the steps below to implement JWT.


Step 1. I hope you have already installed CakePHP; if not, open a terminal and run the command below.

Step 2. Set up ACL in your project so you can create various role-based users. To set up ACL, please read this post: Cakephp3 ACL Implementation.

Step 3. Once the ACL setup is complete, we need to install the JWT plugin in our project.

Step 4. Now open the config/bootstrap.php file and load the JWT plugin.

Step 5. Now create a new folder inside the controller folder in which we can write our web services. You can name that folder whatever you want; in my case the folder name is Api.

Step 6. Create a new AppController.php file at src/Controller/Api/AppController.php to set up the Auth component, and paste the code below inside it.

Step 7. Now create a new file inside the Api folder in which we can write our service: src/Controller/Api/ApiController.php

Step 8. In this step, I copy and paste the user controller functions into my ApiController, to create the user, and also add a login function to let the user log in and get an access token. After that, my controller looks something like this.

Note that in the code above I removed the $this->redirect method and pass a status and message instead. Now we need to add a login function to it so we can generate the token at login. Add the code below to your ApiController.

We need to allow access to login without a token. To allow this, add the code below in the initialize() method.

Step 9. Our controller part is now done; you can create your own custom functions as you need. Now we can create the routes through which we can make API requests.

Add the above code inside your routes file.

That's it. Now we can test our code by making requests to these APIs using Postman, or you can use any REST client.

Access CakePHP 3 JWT based API

Now we can test our web APIs using a REST client; I am using Postman for testing. I have already created an online demo of these APIs; if you want to test it, you can use the link below.

Live Demo Link:- 

You can also import the API using the Postman link below.

In the screenshots below, you can see how to create a request and get a response.

Note: whenever we request a service, we pass the value below in the request header.

Step 1. First, we need to create a user, so we use the add service as shown in the image below.

Step 2. Now that we have created a user, we can log in to the user account so we can check the list of users who have created an account in our system.

When we send the request, if the user details are correct we get our token along with the user's details.

Step 3. Now we can pass the token to get a list of users. Note that we need to pass the token in the header as shown below.

After sending the request to the server, we get the list of users in the response if our token is valid.

Step 4. If you want to remove a user, you can pass the user ID in the URL as shown in the image below.
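
Steps 2 and 3 above depend on the server signing a token at login and serving later requests only if that token is valid. The following is an added example, not the code from this post or from the JWT plugin: it shows in plain PHP what "valid" means, assuming an HMAC-SHA256 (HS256) signed token; the function names, secret, claims and timestamps are constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Secret, claims and times are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = (4 - strlen($txt) % 4) % 4;            // restore stripped '=' padding
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}
// Build header.payload.signature, signed with HMAC-SHA256 over "header.payload".
function issue_token(array $claims, string $secret, int $ttl, int $now): string {
    $h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $p = b64url_encode(json_encode($claims + ['iat' => $now, 'exp' => $now + $ttl]));
    return "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
}
// Returns the claims array for a valid token, or null if any check fails.
function verify_token(string $token, string $secret, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm server-side; a token must not choose its own (e.g. "none").
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    // Recompute the MAC and compare in constant time before trusting the payload.
    if (!hash_equals(hash_hmac('sha256', "$h.$p", $secret, true), b64url_decode($s))) {
        return null;
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;                               // missing or past expiry
    }
    return $claims;
}
$secret = 'constructed-demo-secret-0123456789abcdef'; // sample only
$now    = 1700000000;                                 // fixed clock for the demo
$token  = issue_token(['sub' => 7], $secret, 3600, $now);
[$h, , $s] = explode('.', $token);
// Same header and signature, but an edited payload: the MAC no longer matches.
$edited = "$h." . b64url_encode(json_encode(['sub' => 1, 'exp' => $now + 9999])) . ".$s";
var_dump([
    'fresh'   => verify_token($token, $secret, $now + 60) !== null,
    'expired' => verify_token($token, $secret, $now + 7200) !== null,
    'edited'  => verify_token($edited, $secret, $now + 60) !== null,
    'bad_key' => verify_token($token, 'another-secret', $now + 60) !== null,
]);
```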

You can download this sample project from the download link above. If this post is helpful, then please like, share and comment on our social pages.

Happy Coding 🙂