JWT

acronym

web devsecuritycryptography

Stands for: JSON Web Token

A compact, signed token that carries claims about a user, used to prove identity between services.

A JSON Web Token packs data (who you are, what you can do, when it expires) into a signed string the receiver can verify without a database lookup. Convenient and stateless, but easy to misuse: it should be validated carefully and not treated as secret storage.

Also known as: jwt, json web token, jot, bearer token

All glossary entries