What is JWT? — UK Software Development Guide
Direct Answer
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object that is digitally signed. JWTs are commonly used as access tokens in OAuth 2.0 and OpenID Connect authentication flows. A JWT consists of three parts: Header (token type and signing algorithm), Payload (claims — the information being transmitted), and Signature (cryptographic verification).
JWT in the UK
JWTs are the standard access token format for UK API authentication. UK government APIs (HMRC MTD uses JWTs, NHS Login issues OIDC tokens which are JWTs) and most UK SaaS platforms use JWTs for authentication. UK GDPR consideration: JWT payloads are only base64-encoded (not encrypted) — never put personal data in a JWT payload unless the token is encrypted (JWE, not JWS). The UK practice is to put only the user ID and role in the JWT payload, storing personal data server-side. JWT expiry: short-lived access tokens (15 minutes) with refresh tokens (7 days) is the recommended pattern.
Related Glossary Terms
API
API explained for UK software developers and business owners. An API (Application Programming Interface) is a defined set of rules and protocols that allows different software system... UK context, examples, and related services.
Microservices
Microservices explained for UK software developers and business owners. Microservices architecture is a software design approach where an application is built as a collection of small, indepen... UK context, examples, and related services.
Open Banking
Open Banking explained for UK software developers and business owners. Open Banking is the UK's implementation of PSD2 (Payment Services Directive 2) — a regulatory framework that requires th... UK context, examples, and related services.
GRAPHQL
GraphQL explained for UK software developers. GraphQL is a query language for APIs and a server-side runtime for executing those queries, developed by Meta (Facebook)... UK context and related services.
OAUTH
OAuth 2.0 explained for UK software developers. OAuth 2.0 is an authorisation framework that allows applications to obtain limited access to a user's account on another...
Nodejs
Node.js explained for UK software developers. Node.js is an open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside a web bro...
Get Expert Advice on JWT
Speak with our UK software development experts about JWT. Free consultation, transparent pricing, no obligation.