JSON Web Token (JWT)
A JSON Web Token (JWT) is a compact, signed token that securely carries claims (like a user's identity) between a client and server, commonly used for stateless authentication.
A JWT has three parts — header, payload, and signature — encoded and joined with dots. The payload holds claims such as the user ID and expiry; the signature lets the server verify the token wasn't tampered with.
Because the token is self-contained and signed, the server can authenticate a request without a database lookup, enabling stateless, scalable auth. Tokens should be short-lived and paired with refresh tokens.
JWTs are widely used in API authentication and are issued by identity systems after a user signs in via email or OAuth.