Developer Reference

JWT Structure & Claims

Anatomy of a JSON Web Token. Header, Payload, Signature, and standard claims.

JSON Web Tokens (JWT) are an open, industry-standard (RFC 7519) method for representing claims securely between two parties. Understanding their structure is key to securing your APIs.

Structure

Header: Algorithm & Token Type (Base64Url encoded)
Payload: Data/Claims (sub, name, iat) (Base64Url encoded)

Security

Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

Usage

Standard Authorization header prefix ("Bearer <token>")

Claims

iss: Issuer
sub: Subject (User ID)
exp: Expiration Time
iat: Issued At

This reference breaks down the three parts of a JWT and explains standard claims like 'iss' (issuer), 'exp' (expiration), and 'sub' (subject).