In its simplest form, there is not much to using this extension. You use create_access_token() to make JSON Web Tokens, jwt_required() to protect routes , and get_jwt_identity() to get the identity of a JWT in a protected route. We can see this in action using HTTPie.