JWT (JSON Web Token)
Definition
A compact, self-contained token format used for securely transmitting claims between parties as a digitally signed JSON object for authentication.
A JSON Web Token is a URL-safe string composed of three Base64-encoded parts separated by dots: a header specifying the signing algorithm, a payload containing claims about the user or session, and a signature that verifies the token has not been tampered with. JWTs are widely used for stateless authentication in web applications.
When a user logs in, the server generates a JWT containing the user's identity and permissions, signs it with a secret key, and returns it to the client. The client includes this token in the Authorization header of subsequent API requests. The server can verify the token's signature and extract user information without querying a database, enabling horizontal scaling.
JWTs offer significant advantages for distributed systems because they are self-contained and stateless, eliminating the need for centralized session storage. However, they have important limitations: tokens cannot be revoked before expiration without additional infrastructure, large payloads increase request size, and the payload is merely encoded not encrypted, so sensitive data should never be stored in a JWT without additional encryption.
No spam. Unsubscribe anytime.
Related Calculators
Related Terms
JSON (JavaScript Object Notation)
techA lightweight data interchange format that is easy for humans to read and write and easy for machines to parse and generate.
OAuth (Open Authorization)
techAn open standard authorization protocol that lets users grant third-party applications limited access to their accounts without sharing passwords directly.
API (Application Programming Interface)
techA set of rules and protocols that allows different software applications to communicate with each other and share data or functionality.
Encryption
techThe process of converting readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and key, protecting it from unauthorized access.
Related Articles
JSON Formatting Best Practices: Write Clean, Valid JSON
Master JSON formatting with best practices for syntax, nesting, and validation. Learn common errors, debugging tips, and how to write clean JSON data.
Regex Cheat Sheet: Essential Patterns Every Developer Needs
A practical regex reference guide with common patterns for emails, URLs, phone numbers, and more. Includes syntax explanations and real-world examples.
How to Generate Secure Passwords: Best Practices for 2026
Learn how to create strong, secure passwords that protect your accounts. Covers password length, complexity, managers, and multi-factor authentication.
Guide to QR Codes: How They Work, Types & Best Uses
Learn how QR codes work, the different types available, and best practices for creating and using them in marketing, payments, and information sharing.