![\"What](\"/72332960e1243ffa32dc827adaf67f77/What-is-a-DDoS-attack.webp\")
In the whole software development process, QA testing has a unique space. QA is responsible for ensuring that developed software is bug-free and works concerning technical and business requirements.
\nQA engineers must have a good understanding of each project and what it means to accomplish. They must deliver quality software to the clients.
\nGiven the responsibility of a QA's job, it is natural to face many challenges in their day-to-day tasks. This article will help to understand the most common of those challenges faced by any QA.
\nUsually, QA teams face unstable environment setup issues that we need to prepare for most of what we have. Sometimes the server gets stuck due to overload and requires a restart many times during testing etc.
\nEscalate these issues to the seniors and make sure you get the environment ready for the testing.
\nNow and then, we realize that a tool is not the right choice for the project. We do not have any other option but to keep using it because the clients/organization already have licenses and would not go for a new one until the current license expires.
\nIt is not fun, but you learn alternate options. Or at least, one can conclude with regards to if the possibilities work.
\nThe biggest challenge QA is to receive requests for last-minute testing. The primary reasons for such demands are that the development process takes more time than expected and the time for testing is underestimated. Generally, testing and debugging take 50% of the development time. When QA has a short time frame for verification, they should check software against the main business specifications. Software testing should begin at least three days of release.
\nIn the case of QA, it's faster to create a document from scratch than to use the one created by others. Using test cases created by others increases the time of verification and puts limits as far as discovering bugs.
\nEverybody thinks of the successful releases of new features or products, but the reality could be different. From our testing experience, the software doesn't typically release from the first time in most cases. The best time for releasing the software is the start of the week. Thus it gives development and QA teams the rest of the week to manage with whatever comes up.
\nWhile trying to make an accurate estimate, some software estimations could be entirely unpredictable and go wrong. As developers, QA also doesn't have 100% security from unexpected issues.
\nDevelopers and QA engineers should work closely. Testing should be done once part of the development process is done, and after that, bug fixing activity should start. QA submit a test report and only after that debugging begins.
\nIt is slightly common to change project requirements mid-sprint in agile development projects. While this can be frustrating for the team and due to that testers can be affected. They may need to re-try the whole extent of testing since even the littlest changes to a codebase should be gone through various tests to guarantee its steadiness and similarity with existing code.
\nNaturally, last-minute changes in the requirement can be difficult for testers to deal with, especially if there are tight deadlines to deliver results.
\nProfessional differences between development and testing teams are still common. Developers think that testing is a final process of the software development life cycle, and testers do not require anything apart from a list of user journeys and technical requirements.
\nHowever, testers may have difficulty identifying flaws in the code if they are not acquainted with the development process. If they do not understand how the software works, they will have trouble creating test cases to find all possible bugs.
\nResolving the challenges mentioned above will not only make the lives of QA testers much easier. Still, it will also streamline the software development process to make it more useful and time-efficient. By making it easy for QAs to do their job well, organizations can ensure that their products meet all business requirements and function in the best possible way.
\n","frontmatter":{"date":"March 05, 2021","updated_date":null,"description":"Software testing is a difficult task in and of itself. Top 9 QA challenges that any tester in the software testing industry would face are discussed in clear terms here.","title":"Top 9 Challenges Faced by Every QA","tags":["QA","Processes","Testing"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.9047619047619047,"src":"/static/3cb5bace33cd7de67d48a1447d9512a7/58556/testing-challenges.webp","srcSet":"/static/3cb5bace33cd7de67d48a1447d9512a7/61e93/testing-challenges.webp 200w,\n/static/3cb5bace33cd7de67d48a1447d9512a7/1f5c5/testing-challenges.webp 400w,\n/static/3cb5bace33cd7de67d48a1447d9512a7/58556/testing-challenges.webp 800w,\n/static/3cb5bace33cd7de67d48a1447d9512a7/99238/testing-challenges.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Neha Vyas","github":"nehavyasqa","avatar":null}}}},{"node":{"excerpt":"Serverless computing has been gaining a lot of popularity in the last couple of years, and for a good reason. It saves developer's time…","fields":{"slug":"/engineering/serverless-overview/"},"html":"Serverless computing has been gaining a lot of popularity in the last couple of years, and for a good reason. It saves developer's time, allowing them to focus on writing code rather than dealing with infrastructure. Deploying powerful and scalable applications has generally become much quicker and easier with serverless. However, there can be drawbacks as well, such as vendor lock-in and lack of control.
\nThis blog will briefly go over some of the most popular serverless computing options from major cloud providers. There are also plenty of great resources online explaining serverless architecture in detail, so definitely go check those out if you haven't already. Now, let's go over some of the popular choices for serverless computing.
\nAlmost all major cloud providers offer serverless computing such as AWS, Azure, Google Cloud, IBM Cloud, Alibaba Cloud, etc. In this blog, we'll only be going over a few.
\nAWS Lambda was released in 2014 and has played a significant role in the rise of serverless computing.
\nRecent notable updates include:
\nLaunched in 2016:
\nRecent notable updates include:
\nLaunched in 2017:
\nRecent notable updates include:
\n\nLaunched in 2017:
\nRecent notable updates include:
\nThere are a lot of great options worth considering when looking for serverless computing from a cloud provider. This was a very brief introduction to some of the most popular choices, so definitely check out each provider's official documentation for more detail!
\n","frontmatter":{"date":"March 04, 2021","updated_date":null,"description":"Traditional software development is being transformed by serverless computing. Check out the best serveless computing platforms that will assist you in getting started.","title":"Top 4 Serverless Computing Platforms in 2021","tags":["Serverless"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/d0f5b94c5c84661a08014e68b645384c/58556/cover.webp","srcSet":"/static/d0f5b94c5c84661a08014e68b645384c/61e93/cover.webp 200w,\n/static/d0f5b94c5c84661a08014e68b645384c/1f5c5/cover.webp 400w,\n/static/d0f5b94c5c84661a08014e68b645384c/58556/cover.webp 800w,\n/static/d0f5b94c5c84661a08014e68b645384c/99238/cover.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Andy Yeung","github":null,"avatar":null}}}},{"node":{"excerpt":"Being a Quality Analyst, it's our responsibility to run test cycles on the system and push releases every two weeks to ensure the system is…","fields":{"slug":"/engineering/qa-teams-deliver-quality-software/"},"html":"Being a Quality Analyst, it's our responsibility to run test cycles on the system and push releases every two weeks to ensure the system is updated with the latest fixes and everything is bug free on the live platform. Usually, every release includes amendments as well as fixes done. If we talk about the resources, the team typically has 8-10 resources, including developers and the QA team.
\nTherefore, we should always be proactive about every release and avoid any stress during the release. Everything has to be managed properly when it comes to execution from the development end or testing from the QA end. For that purpose, we have to follow proper strategies to ensure that everything is getting tested and the release we approve met the expected quality standards.
\nWe have penetrated limits in two ways. In this day and age, we are a client confronting unit, as we get with our clients straightforwardly about their issues which they experience over the software or what are the highlights which they need to join on the stage. Also, we are actively participating in the design discussions or any inputs required from our end, which we receive from the client's end, to make sure we are going in the right direction as per the client's vision. Our testing experience always helps detect any flaw or defects before doing any coding work, which reduces additional efforts and minimizes the work. This way, we can ensure everything is done based on the client's given timeline and a quality outcome.
\nAs it's impractical to test everything each time at whatever point you push any delivery. For that reason, you need to focus on the piece of code that has been chipped away. This way, you can test the primary work component without postponing things and afterward run a total test cycle to ensure no other part has been clashed by the changes. For this reason, there is a new delivery check with the group of what piece of code has been refreshed and what are the results, and generally center around that part to run tests. This way, you can focus on the work and endeavors which should be put.
\nWe center around those pieces of the code and utilize existing computerization tests to deal with different parts. If you realize something worked in the final delivery and you're not contacting it in this delivery, at that point, you don't have to invest an excessive amount of time in testing. So base your delivery standards on the new code that is being added.
\nQA has to make sure that whatever work needs to be done is appropriately prioritized. For example, if particular area of a platform is not affecting things much and can be taken care at later stage then it should be on the lowest priority; If less than one percent of our users are on a particular browser, issues specific to that browser stand out enough to be noticed. And the area which is affecting the whole system should be done on the very first priority. There should be priorities defined like – Blocker, Emergency, Highest, High, Normal, and Low! So always work as per the critical attention on a specific feature and consider the target user demands. What is their feedback or issues to which they want to have access? If something moved beyond clients and we find bugs, we need to fix them in the following release.
\nYou will often hear from the development team that, \"…. It works fine with me; there must be some network issue or system issue on your end\". We have to make sure not to have such conflicts in between because, in the end, our goal has to be – Delivering bug free solution!
\nFor that purpose, Our QA and development teams run their tests in the same environment. As our builds move through the development pipeline, we should test the code under the production environment to build our staging environment to simulate our customer's production environments.
\nAlways plan to arrange a dedicated performance team who can run tests as soon as a product is steady and tell the team about new versions and requirements to evaluate the performance risks.
\nTo update performance teams with all the latest information and provide them with an environment close to production as you can. To make sure that there shouldn't be any gaps between and can appropriately test the product.
\nQA team runs regression tests in the last phase of the product cycle, and it is that process that confirms the product delivery. If any of the regression tests fail, QA informs the managers/stakeholders so that appropriate actions can be taken for further release as it's never acceptable to deliver the product if any of the tests fail, which might end up in more significant problems for the team as well as the client. So the QA team always makes sure to run regression tests to verify everything properly.\nWe additionally automate our regression cycle, so it just requires a couple of days to run.
\nAs we maintain customer data in our database collections, we need to guarantee that it should remain attuned with any new versions that have been released or about to release. Whenever we release a new version, we run several updates to check that no data was harmed, and in case we find any data-corrupting bugs, those become our highest priority. We also perform manual backward compatibility testing while taking steps towards finding an automated and more efficient approach. Nonetheless, it would be best to do some manual testing, as this is one of the last stages before production.
\nWe perform post-release sanity tests on our production account to authorize that everything works as projected, including all third-party systems. We initially perform tests utilizing our existing production account but then create a new account to check that the process will continue to work correctly as new customers register.
\nThe best testing practices should inculcate all other processes in general and risk management processes in particular in them. The focus should be to improve the software's overall quality while aiming to reduce the cost with continuous monitoring during and after the software release. While doing quality assurance testing, the tester should comply with all the fundamental principles and industry practices and look at the product from the end user's perspective.
\n","frontmatter":{"date":"March 01, 2021","updated_date":null,"description":"A comprehensive overview of the QA testing process is given. Learn what it takes to get top-notch testing facilities.","title":"QA Testing Process: How to Deliver Quality Software","tags":["QA","Processes","Testing"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/129a0973488f0d77139cfcb0f1cb61eb/ad85c/software-testing.webp","srcSet":"/static/129a0973488f0d77139cfcb0f1cb61eb/61e93/software-testing.webp 200w,\n/static/129a0973488f0d77139cfcb0f1cb61eb/1f5c5/software-testing.webp 400w,\n/static/129a0973488f0d77139cfcb0f1cb61eb/ad85c/software-testing.webp 600w","sizes":"(max-width: 600px) 100vw, 600px"}}},"author":{"id":"Neha Vyas","github":"nehavyasqa","avatar":null}}}},{"node":{"excerpt":"A list is a set of index-accessible objects that provides functionality for searching, sorting, and manipulating list items. C# List class…","fields":{"slug":"/engineering/list-csharp/"},"html":"A list is a set of index-accessible objects that provides functionality for searching, sorting, and manipulating list items. C# List class represents a collection of strongly typed objects that can be accessed by using the index. In this article, we learn how to work with lists in C# using the C# List class to add, remove, and search items in a collection of objects using List class methods and properties.
\nList<T> class in C# cotains a strongly typed list of objects. It provides functionality to create a list of objects, add list items, search, sort and manipulate list items. In List<T>, T is the type of objects like int, string, or any user-defined object.
List<T> is required when we have multiple items with the same object, like data of student's marks or data of various subject's names (string). In that case, we can use List<T> to maintain that data into a list.
List<T> comes under the System.Collection.Generic namespace and the index start from 0.
We can create a list by calling the List<T> constructor; It takes an argument of int type that is the list's capacity. If we do not define the capacity, then the list size will be dynamic and every time an element is added, the list size is increased. The list can be created using the below syntax.
List<int> lst=new List<int>(); // list with dynamic capacity\nList<int> lstCapacity=new List<int>(10); // list with capacity of 10 elementsAs we have discussed above, Here T is the type of object for which we have to create the list. The type is int in the above code, which means we can store the int type of variable's value.
Note: If we have created the list using the capacity value and when more than the defined capacity elements are added, the list size will automatically increase.
\nWe can add elements directly into when we have created a list or add elements after creating a list. I will discuss both methods here.
\nList<int> lst = new List<int>\n{\n 1,2,3,4,5,6\n};List<int> lst = new List<int>();\nlst.Add(1);\nlst.Add(2);\nlst.Add(3);\nlst.Add(4);\nlst.Add(5);\nlst.Add(3);The list has mainly two properties.
\nList<int> lst = new List<int>();\nConsole.WriteLine(lst.Capacity); //Prints 0-- Default\nList<int> lst1 = new List<int>(5);\nConsole.WriteLine(lst1.Capacity); // Prints 5List<int> lst = new List<int>(5);\nConsole.WriteLine(lst.Count); // Prints 0\nlst.Add(1);\nlst.Add(2);\nConsole.WriteLine(lst.Count); //Prints 2To get all the elements of a list, we have to loop through the list. We can use for or foreach loop to get the elements. Below is the code to get all the elements using both the loops and print the element's values.
\n\nforeach (var item in lst)\n{\n Console.WriteLine(item);\n}In this method, we have to run the loop till the last element of the list. For that, I have used the Count property of the list
\nfor (int i = 0; i < lst.Count; i++)\n{\n Console.WriteLine(lst[i]);\n}Both the methods will give the same output. I am taking the above list example so the result will be
\nOutput:
\n1\n2\n3\n4\n5\n3To remove items from a list, we can use various list methods.
\nlst.Remove(3); // Removes the fist occurance of element 3Predicate<T> match)- This method removes all elements from a list that matches the condition defined by the specified predicate. We have to pass the predicate as a parameter.lst.RemoveAll(x=>x==3); // Removes all the elements 3lst.RemoveAt(0); // Removes 0th index element from a listlst.RemoveRange(0,2); // Removes element 1,2 because the starting index is 0 and count is 2lst.Clear(); // Removes all elements from a listIn this article, we have discussed the basics of List<T>, properties, and some methods. The main advantage of using the list is that it is faster and it is more friendly because it gives us many inbuilt methods to use and do the manipulation according to ourselves. If you want to learn more about C# here is an article written by me on How to Work with Nullable Types in C#
Did you know that in only a few minutes, a DDoS attack can bring your website down? Hackers are targeting your site and overloading your network and your server. Your website becomes unresponsive, unavailable and can even go entirely offline. We'll show you how DDoS attacks can be avoided.
\n
A Distributed Denial of Service (DDoS) is a targeted cyber attack on a website or device where a malicious attacker's flood of traffic is sent from single or multiple sources. The primary purpose of DDoS is to make a machine or network resource unavailable to its genuine users by temporarily or disrupting the services of a host connected to the Internet. If we do not use appropriate security practices or tools, it makes your application into a non-functional situation.
\nThe malicious attacker uses multiple compromised computer systems or devices or IoT devices for the attack. These all compromised devices make the DDoS attacks more effective.
\nDDoS mitigation is a process in which we have used a set of techniques or tools for minimizing or mitigating the impact of distributed denial-of-service (DDoS) attacks on the targeted servers or networks.
\nThe Volume Based Attack DDoS attack is the most common DDoS attack. An attacker uses multiple methods to generate massive traffic volumes to overwhelms a machine's network bandwidth because of creating massive volume traffic that makes it impossible for legitimate traffic to flow into or out of the targeted site. The machine continually has to check the malicious data requests and has no room to accept legitimate traffic. We can detect this type of attack easily.
\nThe Protocol attacks target Layer 3 and Layer 4. Attackers use malicious connection requests for consuming the processing capacity of network infrastructure resources like servers, firewalls, and load balancers.
\nAn SYN flood (half-open attack) is the most common way; in this attack, the attacker sends repeated initial connection requests and overwhelms all available ports on a targeted server machine or device.
\nThe Application attacks target Layer 7, which is the topmost layer in the OSI network model. This layer is closest to the end-user, which means both the OSI application layer and the user interact directly with the software application. These attacks are typically small in volume compared to the other layers attacks, so these attacks are not easy to catch, i.e., a small number of HTTP requests on a login page.
\n![\"How](\"/57071b77d7cf07f146054f334f7b7bb2/How-to-mitigate-DDoS-attack.webp\")
Application traffic monitoring is essential. We can identify most of the attacks using the proper monitoring. Commonly DDoS attacks are made with high volume traffic but DDoS attacks could be possible with a single vulnerable HTTP endpoint.
\nWhenever traffic exceeds a defined threshold, then you should get some alert or notification. The best practice is to have the proper configuration for the alerting in your monitoring tools. It helps you identify the DDoS attack as early as possible and mitigate damage.
\nAccording to organizations size and policies, multiple teams have different responsibilities in infrastructure management. The DDoS attacks happen suddenly and should document the steps that need to follow.
\nDuring the DDoS attack, first, you need to think about minimizing the impact on your application. Team responsibilities for key team members to ensure the organized reaction to the attack should be clear and the first step is defining how it will end.
\nCreate a checklist: Define all the processes and steps in a list, like what tools you will use, who is the right person for contact.
\nCommunication: You should correctly organize all communications and well-defined.
\nResponsibility: Documente all the team member's responsibilities and their reaction.
\nA Web Application Firewall (WAF) is a set of rules or policies that helps protect web applications or APIs from malicious traffic. WAF sits between an application and the HTTP traffic and filters the common web exploits that can affect availability.
\nThere are various WAF solutions available, but you need to analyze which WAF solution is suitable for your application.
\nAttackers can make so many repeated calls on the APIs. It can make resources unavailable to its genuine users. A rate limit is the number of API calls or requests that a user can make within a given time frame. When this limit is exceeded, block API access temporarily and return the 429 (too many requests) HTTP error code.
\nI m adding node js examples to implement the rate limit. multiple npm packages are available for node js
\nNodeJs
\nimport rateLimit from 'express-rate-limit';\n\nexport const apiRatelimit = rateLimit({\n windowMs: 60 * 60 * 1000, // 1 hrs in milliseconds\n max: 100,\n message: 'You have exceeded the 100 requests in 1 hrs limit!', \n headers: true, // it will add X-RateLimit-Limit , X-RateLimit-Remaining and Retry-After Headers in the request \n});\n\n// you can add this in the middleware. it will apply a rate limit for all requests \napp.use(API rate limit);Active cache means if the service first attempts to read from the cache backend and falls back to reading from the actual source. The service is not dependent on requesting the data from the real upstream server. A cache backend is a key-value store (e.g., Redis) or In-Memory cache, and the actual source of data is SQL, MongoDB, etc.
\nPassive cache architecture ensures high volume traffic never hits to actual server or service.
\nI m adding node js examples to implement the passive cache. multiple npm packages are available for node js
\nNodeJs
\nimport nodeCache from "node-cache";\n\nconst myCache = new nodeCache();\nap\n// set object in the cache \n\nobj = { userid: 909887, name: "example" };\n\nsuccess = myCache.set( "userKey", obj, 600 ); // ttl is 600 seconds \n\n\n//read object from the cache \nvalue = myCache.get( "userKey" );\nif ( value == undefined ){\n // handle miss!\n}Several vendors provide DDoS mitigation services as software as a service model. They have charged a license fee the first time then charge according to service usages.
\nThe Cloud-based DDoS mitigation solution has a lot of advantages. They have dedicated staff, better reaction time, High network bandwidth than private networks to perform better in case of volume-based DDoS attack. Multi cross-region availability with auto replica or backup so you can switch to your application load next available region without impacting your actual users, updated policies or rule set, a better experience for handling DDoS attacks.
\nThe DDoS attacks are increasing day by day. Organizations need to prepare for any attack. If the organization does not prepare in advance and any attack happens, that case damage control can take months and impact the organization's reputation.
\nLoginRadius has all processes and policies well defined, 24X7 monitoring by delegating security team. Please see Security Overview document for more information.
\n","frontmatter":{"date":"February 24, 2021","updated_date":null,"description":"Learn what a DDoS attack is, including the various classifications of attacks, and how to defend your site from one.","title":"What is a DDoS Attack and How to Mitigate it","tags":["DDoS","DDos mitigate","DDoS Prevention"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.3333333333333333,"src":"/static/72332960e1243ffa32dc827adaf67f77/58556/What-is-a-DDoS-attack.webp","srcSet":"/static/72332960e1243ffa32dc827adaf67f77/61e93/What-is-a-DDoS-attack.webp 200w,\n/static/72332960e1243ffa32dc827adaf67f77/1f5c5/What-is-a-DDoS-attack.webp 400w,\n/static/72332960e1243ffa32dc827adaf67f77/58556/What-is-a-DDoS-attack.webp 800w,\n/static/72332960e1243ffa32dc827adaf67f77/cc834/What-is-a-DDoS-attack.webp 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vijay Singh Shekhawat","github":"code-vj","avatar":null}}}},{"node":{"excerpt":"Suppose, You have a massive amount of data and want to add them to your new product campaign. You are probably not sure that all of them…","fields":{"slug":"/engineering/eva-google-script/"},"html":"Suppose, You have a massive amount of data and want to add them to your new product campaign. You are probably not sure that all of them belong to the right audience; some might be spam or disposable emails.
\nWell, it would be great to verify them all together in a single shot with 100% accurate results without any manual interaction.
\nI am writing this article as so many of us have the same concern and are looking for a business email validator that can resolve this problem with high accuracy.
\nHere we have the tool EVA (Email Verification APIs), which provides excellent email verification services with their open APIs.
\nGoogle allows you to create scripts using your custom functions with the service you wanted to use. You can make these functions in standard JavaScript with a basic understanding of JS. Here is the guide to start with Custom Functions in Google Sheets.
\n=eva(email)
Eva needs the email address only from you and the rest will perform with their excellent service. You can also go through the Email Verification API (EVA) article for more details about EVA.
\nHere is the custom function created using the EVA Services to validate email.
\nfunction eva(email) {\n var url = "https://api.eva.pingutil.com/email?email="+email;\n var res = UrlFetchApp.fetch(url);\n\n // Get status of the API\n var status = res.getResponseCode();\n if (status != 200) {\n return false;\n }\n var contextText = res.getContentText();\n \n var result = JSON.parse(contextText);\n \n // Logic to check Business Email\n if (result["data"]["disposable"] === false && result["data"]["webmail"] === false && result["data"]["spam"] === false && result["data"]["deliverable"] === true) {\n return true\n }\n return false;\n}We are all set with our script and now need to add this script under Google Script Editor under tools and save it.
\n![\"Google](\"/baf429b5e3e42b9ce2690eb275de9b06/script-editor.gif\")
That all! Now I need to drag this formula to the entire rows on which I want to perform validation.
\n![\"Drag\"](\"/d42e4776a173bf405925530f125c685e/drag.gif\")
Perfect :)
\nYou can set up a trigger to action (i.e., on open, edit or change in sheet) by navigating tools -> script editor and click on the left alarm icon.
\n![\"Trigger\"](\"/f439932ac1d6329ba8d43c814efeffef/trigger.gif\")
In this article, I've explained EVA services to validate email addresses in bulk using the google script editor. If you like what you read, leave a \"thank you note\" in the comment section.
\n","frontmatter":{"date":"February 22, 2021","updated_date":null,"description":"Directly checking email addresses for authenticity in the Google spreadsheet using EVA has never been easier. In this article, you will learn how to validate email addresses using EVA services in Google Sheets.","title":"How to Verify Email Addresses in Google Sheet","tags":["EVA","Google Script","Email Validation"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/ceb7964161e870323d19abf772193401/58556/eva.webp","srcSet":"/static/ceb7964161e870323d19abf772193401/61e93/eva.webp 200w,\n/static/ceb7964161e870323d19abf772193401/1f5c5/eva.webp 400w,\n/static/ceb7964161e870323d19abf772193401/58556/eva.webp 800w,\n/static/ceb7964161e870323d19abf772193401/0e6fb/eva.webp 1074w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Narendra Pareek","github":"pareek-narendra","avatar":null}}}}]},"markdownRemark":{"excerpt":"Introduction Ever wondered how apps like Spotify, Netflix, or Slack manage seamless login experiences across devices? Many of them use JWT…","fields":{"slug":"/engineering/how-to-integrate-jwt/"},"html":"Ever wondered how apps like Spotify, Netflix, or Slack manage seamless login experiences across devices? Many of them use JWT, or JSON Web Tokens, a compact, stateless method for securely transmitting user identity and session data across services.
\nWith JWT token authentication, identity information is embedded in a signed token, allowing you to maintain user sessions without server-side storage. This approach is highly scalable and ideal for modern architectures like SPAs, mobile apps, and microservices.
\nIn this blog, we’ll walk you through what is JWT, why use it, and how to implement JWT authentication using LoginRadius.
\nYou’ll learn what JWT is, why it’s effective, and how it works in real-world applications. We'll cover both integration methods (IDX and Direct API), generating your signing key, managing sessions, storing the JWT token securely, and applying best practices throughout.
\nWhether you're a developer, product manager, or IAM architect, this guide offers a complete foundation for implementing JWT token authentication into your application stack.
\nJSON Web Token (JWT) is an open standard (RFC 7519) used to transmit information securely between parties as a JSON object. It’s compact, self-contained, and digitally signed, making it a reliable format for authentication and authorization across modern applications.
\nA JWT consists of three parts:
\nExample of a token structure:
\n<base64Header>.<base64Payload>.<signature>
\n![\"Flowchart](\"/f29edbf2978577390c7ffa02e9bc4dda/lr-JWT-authentication.webp\")
JWT simplifies identity verification, especially when you're building apps that talk to APIs or need to scale without centralized session storage.
\nLoginRadius provides robust support for JWT (JSON Web Token) authentication, which allows for flexible and secure access control across different digital platforms. Whether you're building a fully custom identity flow or using a pre-built interface, the platform supports various integration approaches depending on your architecture.
\nIf you're looking to understand how to implement JWT token authentication effectively, LoginRadius offers two primary implementation models that cater to different levels of customization and control:
\nThe IDX-hosted login approach enables secure, standards-compliant, JWT-based authentication without requiring you to build a custom login interface. This is a strategic option for fast, compliant, and user-friendly deployments.
\n![\"Screenshot](\"/9fb19dd9c88c7916aeebd03ab6e661b7/lr-admin-console.webp\")
{
\n\"access_token\": \"eyJhbGciOiJIUzI1NiIsInR...\",
\n\"expires_in\": 1800
\n}
\nThis integration approach works best for all teams that want effective identity workflows without the complexity of building proprietary login screens, something that is crucial for customer portals, onboarding of mobile applications, and even managing access for business partners.
\nIf you’re building a custom login UI or working in a headless environment, LoginRadius lets you generate and handle JWTs directly through its Authentication APIs. Here’s how you can programmatically perform token authentication using the classic method:
\nSend a POST login request to the LR Authentication URL:
\nPOST /identity/v2/auth/login
\nInclude the user’s credentials (email + password) in the request body.
\n{
\n\"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",
\n\"expires_in\": 3600
\n}
\nWith LoginRadius, it is possible to customize the payload to include user roles and/or any additional metadata. You can set custom JWT claims on the Admin Console.
\nWith this method, you have complete customization over login flows while using LoginRadius to issue signed JWTs for user session management.
\nNOTE- With either method, LoginRadius ensures that JWTs are securely signed, optionally short-lived, and compatible with standard token validation libraries, making integration seamless for everyone.
\nTo get started with JWT implementation, you can read our complete developer documentation.
\n![\"Illustration](\"/15ec02ac98d24a9f1f28e5d0f06b9174/IDX-vs-Direct-API-JWT.webp\")
Session management is how your app keeps track of a user after they log in so they don’t have to prove who they are with every request.
\nIn traditional apps, sessions are stored on the server using session IDs. Every time a request comes in, the server checks that session ID to verify the user.
\nIn modern apps, especially SPAs and APIs, JWTs are used to manage sessions without needing server-side storage; this is called stateless session management. The token itself carries the user’s identity, roles, and expiration details. As long as the token is valid, the user stays logged in.
\nGood session management ensures:
\nUser Logs In
\nClient Stores the Token
\nAccess Token Expiry
\nToken Renewal
\nWhen the user logs out, both the access token and refresh token should be cleared from client storage.
\nHowever, access tokens are stateless and cannot be revoked mid-lifecycle unless:
\nCombining these strategies gives you greater control over token misuse and enables a robust, enterprise-grade logout flow.
\n![\"illustration](\"/e55ae4bbc8ce62e13f03e46e29ebe7cc/api-economy.webp\")
When you implement JWT-based authentication, the client (browser or mobile app) needs a way to store the access token and, optionally, the refresh token after they are issued by the authentication server. This stored token is then attached to every subsequent request to prove the user's identity.
\nChoosing where to store the JWT is a crucial security decision. The most common storage options are:
\nEach option has trade-offs between security, accessibility, and persistence, and the right choice depends on your application's architecture and threat model.
\nAccess Tokens
\nRefresh Tokens
\nJWT authentication with LoginRadius offers a modern, stateless approach to managing sessions across distributed systems. The IDX integration is ideal for rapid deployment, while the Direct API model is best for organizations needing deep customization and integration flexibility.
\nWith robust token signing, refresh capabilities, and centralized control, LoginRadius provides a future-ready foundation for secure, scalable identity architecture. Contact us to know more about JWT authentication and implementation guide.
\nA: JWT authentication securely verifies user identities, enabling stateless session management across web, mobile apps, and microservices without server-side session storage.
\nA: LoginRadius simplifies JWT integration by offering hosted IDX login pages and direct API-based authentication methods, enabling rapid deployment and deep customization.
\nA: Yes, JWT authentication is secure when implemented with best practices like short-lived tokens, secure storage methods, signature validation, and refresh token rotation.
\nA: Yes, LoginRadius allows revocation of JWT refresh tokens explicitly, and supports strategies like short-lived tokens and key rotation to manage token lifecycles securely.
\n","frontmatter":{"date":"April 15, 2025","updated_date":null,"description":"Discover JWT (JSON Web Token) authentication, its advantages, and how to integrate it seamlessly using LoginRadius' hosted IDX and Direct API methods for secure, scalable identity management.","title":"JWT Authentication with LoginRadius: Quick Integration Guide","tags":["JWT","JSON Web Token","Authentication","Authorization"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":0.7782101167315175,"src":"/static/4cedb7829f98208cbc6d5a9aea4e983d/58556/how-to-integrate-jwt.webp","srcSet":"/static/4cedb7829f98208cbc6d5a9aea4e983d/61e93/how-to-integrate-jwt.webp 200w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/1f5c5/how-to-integrate-jwt.webp 400w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/58556/how-to-integrate-jwt.webp 800w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/1cc9f/how-to-integrate-jwt.webp 896w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Kundan Singh","github":null,"avatar":null}}}},"pageContext":{"limit":6,"skip":78,"currentPage":14,"type":"//engineering//","numPages":53,"pinned":"5c425581-f474-5ae9-abe7-cf5342db2aaa"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}