Home/API/JWT Claims
API Cheat Sheet Wiki

JWT Claims cheat sheet

Common JWT registered claims and debugging rules.

Quick lookup

issCheck exact spelling, casing, and the platform documentation for this field.
subCheck exact spelling, casing, and the platform documentation for this field.
audCheck exact spelling, casing, and the platform documentation for this field.
expCheck exact spelling, casing, and the platform documentation for this field.
nbfCheck exact spelling, casing, and the platform documentation for this field.
iatCheck exact spelling, casing, and the platform documentation for this field.
jtiCheck exact spelling, casing, and the platform documentation for this field.
scopeCheck exact spelling, casing, and the platform documentation for this field.

Common mistakes

  • Debugging the client before checking the raw request and response
  • Ignoring headers that explain cache, auth, or rate limits
  • Treating browser CORS failures as generic API downtime
  • Logging tokens or webhook secrets while troubleshooting

Online tools