JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. JWTs can be signed to provide proof of authenticity and integrity, and encrypted to provide confidentiality. A JWT typically contains header, payload, and signature. The payload holds claims about an entity and is digitally signed to protect integrity. JWTs can be passed in HTML and HTTP environments and used from lightweight clients.