JWT

What is it?

JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. It consists of three Base64url-encoded parts separated by dots: a header specifying the algorithm, a payload containing claims like user ID and expiration time, and a cryptographic signature for verification. JWTs enable stateless authentication.

Practical example

After a user logs in with correct credentials, the server creates a JWT containing the user's ID and role, signs it with a secret key, and sends it to the client. The client stores this token and includes it in the Authorization header of subsequent API requests as Bearer followed by the token. The server verifies the signature and extracts user info without database lookups.

Test your knowledge

What are the three parts of a JWT?
