The JSON-based access tokens contain one or more claims. A claim is any piece of information that serves as an unique identifier, and that the token issuer who generated the token has verified.

API Gateway extracts the claims from the JWT, and identifies the application that is using the token to access a protected resource. An application that is defined with the claims conveyed by the JWT is identified and allowed access to the protected resource.

For details on how to define JWT claims in an application, see Creating an Application.