JSON Web Token Documentation

JSON Web Tokens are representations of claims, or authorization proofs that fit into the Header of HTTP requests.


JWTs are used as the MAC of operations that require authorization. Gradecoin has 2 such operations:

They are sent alongside the JSON request body in the Header;

Authorization: Bearer <JWT Token here>

Gradecoin uses 3 fields for the JWTs;

"tha": "Hash of the payload, check invididual references",
"iat": "Issued At, Unix Time",
"exp": "Expiration Time, epoch"


We are using RS256, RSASSA-PKCS1-v1_5 using SHA-256. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works and create ad hoc tokens here.