# JWTs

JWTs ([JSON Web Tokens](https://en.wikipedia.org/wiki/JSON_Web_Token)) are used for user authentication in web or mobile applications. They have a limited lifespan (**20 minutes**) and must be rotated using refresh tokens, which provides a higher level of security for client sessions.

## Usage

To authenticate an HTTP request using a JWT, send it as a bearer token in the `Authorization` header.

<RequestExample>
  ```bash Example theme={null}
  curl --request GET \
    --url '/records' \
    --header 'Authorization: Bearer <YOUR_JWT>'
  ```
</RequestExample>

## Getting a Token

To get a JWT, complete three steps:

<Steps>
  <Step title="Create an EmailValidationToken" />

  <Step title="Confirm the EmailValidationToken using the nine-digit code sent to the specified email address" />

  <Step title="Use the confirmed EmailValidationToken to obtain an access token and a refresh token" />
</Steps>

## Token Rotation

As mentioned above, the access token must be refreshed **every 20 minutes**. To get a new pair of tokens, use the refresh token.

<Note>
  Refresh tokens are valid for one month and are single-use.
</Note>
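
The rotation described above, as an added example that is not part of the original documentation or the project's own code: a client-side session holder that refreshes shortly before the 20-minute lifetime ends and funnels concurrent callers through one refresh, since a single-use refresh token cannot be presented twice. `TokenSession`, `refreshFn` (a caller-supplied wrapper around the API's refresh call) and the one-minute margin are assumptions.

```javascript
// Added example: client-side rotation for a 20-minute access token and a
// single-use refresh token. `refreshFn` is a hypothetical caller-supplied
// function wrapping the API's refresh call; it is not a documented API name.
const ACCESS_TTL_MS = 20 * 60 * 1000; // access token lifetime stated on this page
const SKEW_MS = 60 * 1000;            // assumption: refresh one minute early

class TokenSession {
  constructor({ accessToken, refreshToken, issuedAt, refreshFn, now = Date.now }) {
    this.accessToken = accessToken;
    this.refreshToken = refreshToken;
    this.issuedAt = issuedAt;   // ms timestamp at which the current pair was obtained
    this.refreshFn = refreshFn; // (refreshToken) => Promise<{accessToken, refreshToken}>
    this.now = now;             // injectable clock, so the logic can be tested
    this.inFlight = null;       // shared promise while a refresh is running
  }

  isStale() {
    return this.now() - this.issuedAt >= ACCESS_TTL_MS - SKEW_MS;
  }

  // Returns a usable access token, rotating first if the current one is stale.
  async getAccessToken() {
    if (this.isStale()) await this.rotate();
    return this.accessToken;
  }

  // Single-flight: concurrent callers share one refresh, because the refresh
  // token is single-use and a second call with the same value would fail.
  rotate() {
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.refreshToken)
        .then((pair) => {
          // Replace both tokens together; the spent refresh token is discarded.
          this.accessToken = pair.accessToken;
          this.refreshToken = pair.refreshToken;
          this.issuedAt = this.now();
        })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // Header object in the form shown under "Usage".
  async authHeader() {
    return { Authorization: `Bearer ${await this.getAccessToken()}` };
  }
}
```

If `refreshFn` rejects, the stored pair is left unchanged and the error reaches every waiting caller, so the application can fall back to the email validation flow.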
