JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and authorization. A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (claims/data), and Signature (cryptographic verification).

Common use cases: API authentication (OAuth2/OpenID Connect tokens), session management (stateless sessions), information exchange (securely transmitting claims between parties). ⚠️ Never store secrets or sensitive data in a JWT payload — the payload is only base64-encoded, not encrypted. Anyone who intercepts the token can read it.