---
title: "Tutorial: How to Extract JWT Data"
description: "Learn how to extract data from a JWT and use it to implement access control on your API."
canonicalUrl: "https://zuplo.com/blog/2024/12/30/extracting-jwt-data-tutorial"
pageType: "blog"
date: "2024-12-30"
authors: "josh"
tags: "JWT API Authentication, Tutorial"
image: "https://zuplo.com/og?text=Tutorial%3A%20How%20to%20Extract%20JWT%20Data"
---
## What is a JWT?

A JSON Web Token (JWT) is a compact, self-contained token in JSON format used to
securely transmit information between parties. It commonly contains encoded
payload data (claims) and a signature for integrity verification, ensuring that
the token hasn’t been altered since it was issued.

## What Data is Stored in a JWT?

A JSON Web Token (JWT) usually contains three parts: a header, a payload
(claims), and a signature. The payload section often stores user-related data
(e.g., user ID, roles, permissions), token expiration time, issuer, and other
metadata needed by the application.

## Tutorial: How to Extract Data from a JWT

In this demo, Josh shows how you can use Zuplo and it's built in auth policies
to break open a JWT, forward details onto the backend and make custom rules to
enforce access control.

<YouTubeVideo videoId="rR6xp8x1Wak" />

Length: 6 minutes