JWT Tokens

JWT, or JSON Web Token, is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JWT token: a standardized data format, in some cases signed and/or encrypted, that is used to transfer information safely between two parties.

JWTs are used for:

  • Authentication: Once the user is logged in, each subsequent request will include the JWT, allowing the user access to routes, services, and resources that are permitted with that token.
  • Information Exchange: JWTs are a good way of securely transmitting information between parties.

A token consists of three parts, separated by dots (.):

  1. Header: Typically consists of the token’s type (JWT) and the signing algorithm being used, such as HMAC SHA256 or RSA.
  2. Payload: Contains the claims, which are statements about an entity (typically, the user) and additional metadata. Claims can be categorized as registered, public, and private claims.
  3. Signature: To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

To create a JWT, you Base64url-encode the header and the payload, join them with a dot, and sign the result with the algorithm specified in the header.

Here is an example of a JWT structure: `xxxxx.yyyyy.zzzzz`

  • `xxxxx` – Base64url-encoded header
  • `yyyyy` – Base64url-encoded payload
  • `zzzzz` – Signature

JWTs provide a way to exchange data with proof that they haven’t been altered along the way.

On this page, you have the option to generate a token, as well as view which tokens have already been created and when.

Add a new token 

  • A window opens where you need to specify the name of the token, the expiration date (if no date is selected, the token will be valid indefinitely), and a confirmation code.
  • The generated token is available only once; after navigating to another page or refreshing the current one, it disappears.