
JSON Web Token

Short definition

A digitally signed token format used to authenticate users in web and mobile apps without storing sessions on the server.

Extended definition

A JWT has 3 parts: the header (signature type), the payload (user data and permissions), and the digital signature. When the user logs in, they receive a JWT, which is then sent in a request header with every subsequent request. The advantage: no session database is needed, and it works perfectly in microservice architectures.

Example & use case

A mobile app signs the user in and receives a JWT valid for 7 days, stored in Keychain (iOS) or Keystore (Android).
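The three parts and the 7-day validity described above, as an added example that is not part of the original glossary entry. It uses only the Python standard library; HS256, the demo key, the `sub`/`iat`/`exp` claims and the function names `issue` and `verify` are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json

SEVEN_DAYS = 7 * 24 * 3600  # validity period from the use case above

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def issue(key: bytes, subject: str, now: int) -> str:
    """Build header.payload.signature for a token that expires in 7 days."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + SEVEN_DAYS}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_sign(key, signing_input))

def verify(key: bytes, token: str, now: int) -> dict:
    """Return the payload, or raise ValueError if the token must be rejected."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
        expected = _sign(key, f"{head_b64}.{body_b64}")
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison; the payload is parsed only after this passes.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(body_b64))
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("token expired")
    return payload

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    now = 1_700_000_000             # constructed sample timestamp
    token = issue(key, "user-42", now)
    print(token)
    print(verify(key, token, now + 3600))
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read it; the signature protects integrity, not confidentiality.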
