JWT reserved claims

The following table lists the optional reserved claims that you can set on the JWT Settings page in API Gateway.

Claim name Description
exp The exp claim identifies the expiration time on or after which the token is not accepted for processing. The client’s current date and time must be earlier than the expiration date and time listed in the exp claim. The Clock Skew Amount field lets you specify up to 60 seconds of leeway for the validation of this claim.
nbf The nbf claim identifies the time before which the token is not accepted for processing. The client’s current date and time must be later than or equal to the not-before date and time listed in the nbf claim. The Clock Skew Amount field lets you specify up to 60 seconds of leeway for the validation of this claim.
iss The iss claim identifies the issuer of the JWT. This value is case sensitive and must be a string value.
sub The sub claim identifies the subject of the JWT. This value is case sensitive and must be a string value.
aud The aud claim identifies the audience that the JWT is intended for. If the principal that processes the JWT does not identify itself with an identifier in the aud claim value, the server rejects the JWT. This claim is an array of case-sensitive strings, each containing a StringOrURI value.
A valid multiple-entry example:

“aud”: [“aud1”,”aud2”,”aud3”],
A valid single-entry example:

 “aud”: [“aud1”],
iat The iat claim identifies the time the JWT was issued at. You can use this claim to determine the age of a JWT. You can also treat this claim as the nbf claim by enabling the Treat iat as nbf switch.

Return to Configure reserved JWT claims.