# JWT Token Structure

The JWT token issued by the authentication endpoint is used to authorize access to API endpoints.

## 🔐 Token Format

The token is a standard **JSON Web Token (JWT)** and may contain encoded claims such as:

- `sub`: Subject (typically the client ID)
- `exp`: Expiry timestamp
- `iat`: Issued at timestamp

> While the contents of the token are opaque to the client, it should be treated as a **bearer token** and stored securely.

## ⚠️ Important Notes

- Tokens are valid for **40 minutes**
- There are **no refresh tokens** — a new token must be obtained after expiry
- Always send the token using the `Authorization` header

```http
Authorization: Bearer YOUR_ACCESS_TOKEN
```
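
The expiry rules above (40-minute lifetime, no refresh tokens), as an added client-side example that is not code from this API's documentation or SDK: an in-memory cache that treats the token as opaque, obtains a new one shortly before the 40 minutes elapse, and builds the `Authorization` header. `BearerTokenCache`, `fetch_token`, `invalidate` and the 60-second renewal margin are assumptions made for illustration.

```python
import threading
import time

TOKEN_LIFETIME_S = 40 * 60  # from this page: tokens are valid for 40 minutes
RENEW_MARGIN_S = 60         # assumption: renew early to absorb clock skew and latency


class BearerTokenCache:
    """Keeps one opaque bearer token in memory and replaces it before expiry."""

    def __init__(self, fetch_token, clock=time.monotonic):
        # fetch_token is a hypothetical callable that calls the authentication
        # endpoint and returns the token string; this page does not define it.
        self._fetch_token = fetch_token
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._obtained_at = 0.0

    def _is_fresh(self):
        # Age is tracked locally; the token itself is never decoded.
        age = self._clock() - self._obtained_at
        return self._token is not None and age < TOKEN_LIFETIME_S - RENEW_MARGIN_S

    def invalidate(self):
        """Drop the cached token, for example after the API rejects it."""
        with self._lock:
            self._token = None

    def auth_header(self):
        """Return the Authorization header, obtaining a new token if needed."""
        with self._lock:
            if not self._is_fresh():
                started = self._clock()  # count lifetime from before the request
                token = self._fetch_token()
                # Refuse values that cannot go safely into a header.
                if (not isinstance(token, str) or not token
                        or any(c.isspace() for c in token)):
                    raise ValueError("authentication endpoint returned an unusable token")
                self._token = token
                self._obtained_at = started
            return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):
        # Keep the token value out of logs and tracebacks.
        return f"<BearerTokenCache cached={self._token is not None}>"
```

Because there are no refresh tokens, the only recovery path is a fresh call to the authentication endpoint, so the cache holds nothing on disk and starts empty after a restart.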