--- source_url: https://www.pubnub.com/docs/serverless/functions/functions-apis/jwt title: JSON Web Token (JWT) updated_at: 2026-06-04T11:13:42.785Z --- > Documentation Index > For a curated overview of PubNub documentation, see: https://www.pubnub.com/docs/llms.txt > For the full list of all documentation pages, see: https://www.pubnub.com/docs/llms-full.txt # JSON Web Token (JWT) [JSON Web Token](https://www.npmjs.com/package/jsonwebtoken) is a library for generating and verifying JSON Web Tokens (JWTs). The JWT module is available via the following `require()` statement in PubNub Functions: ```javascript const {sign, decode, verify} = require('jwt'); ``` ## Exposed methods Use these methods in your Function code: * [decode](https://github.com/auth0/node-jsonwebtoken#jwtdecodetoken--options) — Extract the payload and, optionally, the header from a token without verifying its signature. * [verify](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) — Verify a token with a secret or public key and validate expected claims. * [sign](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback) — Create and sign a token from a payload and a secret or private key. ## Examples ### Decode ```js const jwt = require('jwt'); // Example token (this should be a valid JWT) const token = 'your.jwt.token.here'; const decoded = jwt.decode(token, { complete: true }); console.log('Decoded Token:', decoded); ``` The `decode` method returns the token’s payload, and if `{ complete: true }` is set, it returns an object containing both the payload and the header. With `{ complete: true }`: ```text Decoded Token: { header: { alg: 'HS256', typ: 'JWT' }, payload: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 }, signature: 'h04J3jUOeGXRHgZzg28pzF5omFxCeK2FlhEXbPZnQ' } ``` Without `{ complete: true }`: ```text Decoded Token: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 } ``` ### Verify ```js const jwt = require('jwt'); const secretKey = 'your-256-bit-secret'; // Example token (ensure you replace this with a valid token signed with the `secretKey`) const token = 'your.jwt.token.here'; try { const decoded = jwt.verify(token, secretKey); console.log('Decoded Payload:', decoded); } catch (err) { console.error('Token verification failed:', err.message); } ``` If the token is successfully verified, the `verify` method returns the decoded payload (or the full token data if `complete: true` is specified). If verification fails (due to tampering, expiration, or using the wrong key), it throws an error. If successful: ```plaintext Decoded Payload: { userId: '123456', username: 'johndoe', iat: 1616239022, exp: 1616242622 } ``` If verification fails: ```plaintext Token verification failed: jwt expired ``` The error message will vary depending on the reason for failure, such as expiration or invalid signature. ### Sign ```js const jwt = require('jwt'); const payload = { userId: '123456', username: 'johndoe' }; const secretKey = 'your-256-bit-secret'; const token = jwt.sign(payload, secretKey, { expiresIn: '1h' }); console.log('Generated Token:', token); ``` The `sign` method returns a JWT as a string. This token can be used in your application for authentication and authorization purposes. ```plaintext Generated Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiIxMjM0NTYiLCJ1c2VybmFtZSI6ImpvaG5kb2UiLCJpYXQiOjE2MTYyMzkwMjIsImV4cCI6MTYxNjI0MjYyMn0.g8h04J3jUOeGXRHgZzg28pzF5omFxCeK2FlhEXbPZnQ ``` The actual token value will differ each time you generate it due to the timestamp and signature. :::note Functions support Functions provides a rich set of tools. For help with situations not covered here, contact [PubNub Support](https://www.pubnub.com/docs/mailto:support@pubnub.com). ::: ## Terms in this document * **PubNub** - PubNub is a real-time messaging platform that provides APIs and SDKs for building scalable applications. It handles the complex infrastructure of real-time communication, including: Message delivery and persistence, Presence detection, Access control, Push notifications, File sharing, Serverless processing with Functions and Events & Actions, Analytics and monitoring with BizOps Workspace, AI-powered insights with Illuminate.