File Format Wiki

JWT format rules

Three-part token format carrying signed claims.

Format rules

  • header.payload.signature
  • Base64URL, not regular Base64
  • exp is seconds since Unix epoch

Valid example

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.signature

Invalid example

Bearer abc.def

Common errors

  • Assuming JWT accepts syntax from a similar format
  • Using the wrong encoding or line ending
  • Copying invisible characters from rich text
  • Testing only the happy path and not parser errors
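
The format rules and common errors above, as an added Python example that is not part of the original page: a structural check that rejects a wrong part count, characters outside the Base64URL alphabet (padding, line endings, invisible characters), and an exp that is not a number of seconds. The function names and the millisecond threshold are assumptions of this example, and the signature is not verified.

```python
import base64
import json
import re

# Base64URL alphabet without padding, as used by the three JWT segments.
B64URL = re.compile(r"[A-Za-z0-9_-]+")
# Heuristic chosen for this example: anything above 1e11 is taken as milliseconds.
MAX_PLAUSIBLE_SECONDS = 10**11


def decode_segment(segment, name):
    """Decode one Base64URL segment into a JSON object, or raise ValueError."""
    if not B64URL.fullmatch(segment):
        raise ValueError(f"{name}: empty or contains non-Base64URL characters")
    padded = segment + "=" * (-len(segment) % 4)
    try:
        # binascii.Error and JSONDecodeError are both ValueError subclasses.
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:
        raise ValueError(f"{name}: not Base64URL-encoded JSON") from exc
    if not isinstance(obj, dict):
        raise ValueError(f"{name}: JSON value is not an object")
    return obj


def check_jwt_format(token):
    """Return (header, payload) for a well-formed token; raise ValueError otherwise.

    Structural check only: the signature bytes are NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated parts, got {len(parts)}")
    header = decode_segment(parts[0], "header")
    payload = decode_segment(parts[1], "payload")
    if not B64URL.fullmatch(parts[2]):
        raise ValueError("signature: empty or contains non-Base64URL characters")
    exp = payload.get("exp")
    if exp is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise ValueError("exp: must be a number of seconds since the Unix epoch")
        if exp > MAX_PLAUSIBLE_SECONDS:
            raise ValueError("exp: value looks like milliseconds, not seconds")
    return header, payload
```

A token that passes this check is only well formed; it must still go through signature verification in the consuming library before its claims are trusted.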

Compared with nearby formats

Choose JWT based on the parser and ecosystem that will consume the token. Prefer strict formats for APIs, human-friendly formats for ops config, and signed formats only when verification is required.