Cyberithub

Solved "Token can not be verified: Full authentication is required to access this resource"


In this article, we will see how to solve the "token can not be verified: Full authentication is required to access this resource" error that appears when accessing a resource through a REST API endpoint. This is a fairly common error that many people receive when requesting a resource by sending a GET request to an API endpoint. You may encounter it in any client application, such as curl or Postman, depending on what you use to interact with the REST API endpoint.

 

What is a JWT Token

JWT, also known as JSON Web Token, is a self-contained, digitally signed security token designed to safely carry identity and authorization information between systems in a compact and portable form. Unlike traditional session-based mechanisms, a JWT holds all the necessary claims about a user or client within the token itself, allowing servers to verify trust without storing session data.

What makes a JWT unique is its three-part structure - header, payload, and signature - which together ensure integrity and authenticity. The header defines how the token is secured, the payload contains structured claims such as user identity, roles, permissions, and expiration time, and the signature cryptographically binds the token to its issuer. This signature allows any receiving system to independently validate that the token has not been altered and was issued by a trusted authority.

JWTs are widely used in modern, distributed architectures because they are stateless, scalable, and language-agnostic. Once issued, a JWT can be passed between clients, APIs, and microservices to prove identity and access rights without repeated database lookups. Although the payload is only encoded, not encrypted, and is therefore readable by anyone who holds the token, the cryptographic signature ensures that the data cannot be modified without detection, making JWTs suitable for secure authentication and authorization flows when used with best practices.

In the real world, a JWT token acts as a secure digital passport - compact enough to travel with every request, trustworthy enough to validate identity, and flexible enough to support modern cloud-native and API-driven applications.

 


In my case, I got the "token can not be verified: Full authentication is required to access this resource" error in Postman while trying to send a GET request to my REST API endpoint. This error can occur for multiple reasons, but most of the time it occurs when the correct API key is provided in the request headers but the bearer JWT authentication token has not been passed in the headers while sending the GET request. When I checked the Headers section in my Postman application, I noticed that the api-key below was there in the key-value section:


api-key   X9f3K2LmA8QwR7T6ZB1C0YpEJH5N4M

But when I checked the Authorization section, I noticed that the Bearer Token was not given and hence was not being passed in the Headers section in Postman, resulting in the "token can not be verified: Full authentication is required to access this resource" error. So, to fix this issue, you must first generate a JWT token and then provide that token as the Bearer Token in Auth Type. It should look something like the following in Postman:


Auth Type: Bearer Token
Token: eyJhbGciOiJIUzI1NiIsInR5c........

It is important to make sure that the above JWT token is not expired. After providing the correct bearer token, if you click Send again, you will notice that the Authorization entry in Headers is populated with hidden values, and the request is sent again to the REST API endpoint. If your token is valid, you will see a response from the API. This should fix your issue.


Sometimes you may provide the authentication token but forget to provide the api-key in the Headers section. In this case, you will see another error, "No API key found in request", in the Postman JSON output. If you see this error, all you need to do is provide api-key in the Key section and the respective key data in the Value section. Please do not provide the default x-api-key in the Headers section, as sometimes it does not work. It works only if you provide api-key in the Key section. Hope this helps. Please let me know your feedback in the comment section.
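The three checks described above (api-key header present, Bearer token present, token not expired) can be run on a set of request headers before sending. This is an added example, not code from the original article: the function names, the sample key and the sample token are constructed for illustration, and the payload is decoded for inspection only, without verifying the signature (that remains the server's job).

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def jwt_claims(token):
    """Decode the payload for inspection only. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(headers, now=None):
    """Return the reasons the request would be rejected; an empty list means none found."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}
    problems = []
    if not h.get("api-key"):
        problems.append("no api-key header")
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return problems + ["no bearer token"]
    try:
        exp = jwt_claims(token.strip()).get("exp")
    except ValueError as err:  # also covers bad base64 and bad JSON
        return problems + ["malformed token: %s" % err]
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token expired")
    return problems

def make_sample_token(exp, key=b"constructed-demo-key"):
    # Constructed HS256 token for the demo; a real one comes from your token endpoint.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc({"sub": "demo", "exp": exp})
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

if __name__ == "__main__":
    good = make_sample_token(int(time.time()) + 300)
    print(preflight({"api-key": "constructed-key"}))        # bearer token missing
    print(preflight({"Authorization": "Bearer " + good}))   # api-key missing
    print(preflight({"api-key": "constructed-key", "Authorization": "Bearer " + good}))
```

An empty list only means the headers are complete and the token is unexpired; the API still decides whether the signature and key are valid.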
