0xPass's JWT Token Scheme


When a user connects their wallet and authenticates themselves, 0xPass provides an authentication token in the form of a JWT.
This provides verifiable proof of wallet ownership and should be used to secure communication between your frontend and backend.


Access Token

Access tokens are JSON Web Tokens (JWT) which contain the following claims with user information such as:
  • sid represents the user's current session ID.
  • sub corresponds to the user's 0xPass ID.
  • iss indicates the token issuer, which should always be 0xpass.io.
  • aud is your project API Key.
  • iat is the timestamp for when the JWT was issued.
  • exp is the timestamp when the JWT will expire and become invalid, typically 1 hour after issuance.



You should use the 0xPass JWT to secure the communication between your frontend and backend. For each of these components, you should do the following: