
The Power of JWT

The JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way to securely transmit information between parties as a JSON object.

Structure of a JWT

A JWT consists of three parts separated by dots (.):

  1. Header: Token type and the signing algorithm (the alg field, such as HS256 or RS256).
  2. Payload: The data (claims) you want to transmit, such as user_id or permissions.
  3. Signature: Computed over the header and payload with a secret or private key, so the server can detect any alteration along the way.

Why is it popular?

Unlike traditional sessions, the server doesn't need to store anything in the database to validate a user. It only verifies the token's signature.

In Heapi, you can use the Auth tab to configure JWT tokens and see how they are sent in the request headers.
