JSON Glossary
Plain-English definitions of the terms you meet when you work with JSON — from core syntax and data types to JSON Schema, JSONPath, JWTs, serialization and the APIs that move JSON around. 176 terms across 10 topics, each linking to the free tool that puts it into practice.
176 terms · updated 2026-07-12JSON Core & Syntax
The literal building blocks of JSON — its values, structure, and the rules of the grammar.
- application/json media type#JSON MIME type · content-type application/json
- application/json is the registered IANA media type (MIME type) that labels a payload as JSON, most often seen in an HTTP Content-Type or Accept header. It signals to clients and servers that the body should be parsed as JSON text encoded in UTF-8. The media type takes no charset parameter because RFC 8259 fixes the encoding, and using it correctly ensures APIs negotiate content reliably.
- Boolean#true · false
- A JSON boolean is one of the two lowercase literal tokens true or false, written without quotes. It represents a binary logical value such as a feature flag or an enabled state. Because the tokens are case-sensitive, variants like True or FALSE are invalid JSON and will cause a parse error, a common mistake when hand-editing configuration files.
- Comments in JSON#JSON comments
- JSON has no syntax for comments; neither // line comments nor /* block */ comments are permitted, and including them yields invalid JSON. Douglas Crockford removed comments deliberately so the format would stay a pure data-interchange grammar that parsers could not misuse for directives. To annotate data, developers add a dedicated string field or switch to a superset like JSON5 or a format such as YAML.✓JSON Validator⇄ymlJSON ⇄ YAML
- Duplicate keys#repeated keys
- Duplicate keys occur when the same string appears as a member name more than once within a single JSON object. RFC 8259 states that keys should be unique but does not forbid repetition, so behavior is implementation-defined: most parsers keep the last occurrence, some keep the first, and a few error or retain all. This ambiguity makes duplicate keys a subtle source of data loss and security bugs.✓JSON Validator
- Escape sequence#escape character
- An escape sequence is a backslash followed by a character that represents another character inside a JSON string. JSON defines eight short escapes — \" \\ \/ \b \f \n \r \t — plus the \uXXXX form for arbitrary code points. Escaping is mandatory for double quotes, backslashes, and control characters, so embedding raw newlines or unescaped quotes in a string produces invalid JSON.\"JSON Escape / Unescape
- Insignificant whitespace#whitespace
- Insignificant whitespace is the spaces, tabs, carriage returns, and line feeds JSON permits between tokens but that carry no meaning, so adding or removing it never changes the parsed value. It is what pretty-printing inserts for readability and what minification strips to shrink payloads. RFC 8259 allows only these four whitespace characters, and only between structural tokens, never inside a number or literal.{ }JSON Formatter≡→JSON Minifier
- JSON (JavaScript Object Notation)#JSON format
- JSON (JavaScript Object Notation) is a lightweight, text-based data interchange format derived from JavaScript object literal syntax but independent of any language. A JSON document serializes a single root value, which may be an object, array, string, number, boolean, or null. Its human-readable structure and near-universal library support make it the default format for web APIs, configuration files, and message payloads.{ }JSON Formatter✓JSON Validator
- JSON array#array · list
- A JSON array is an ordered sequence of zero or more values enclosed in square brackets and separated by commas. Elements may mix types freely, so an array can hold numbers, strings, objects, or nested arrays together. Arrays represent lists and collections; a top-level array of uniform objects is the shape most tools expect when converting JSON into tabular formats like CSV.{ }JSON Formatter→csvJSON to CSV
- JSON number#number
- A JSON number is a base-10 value with an optional leading minus sign, an integer part, an optional fractional part, and an optional exponent. The grammar forbids leading zeros, a leading plus, hexadecimal notation, and the tokens NaN and Infinity, so those must be encoded as strings. JSON does not distinguish integers from floats, leaving precision and type mapping to the parsing language.
- JSON object#object
- A JSON object is an unordered collection of zero or more key/value pairs enclosed in curly braces. Each key is a double-quoted string, separated from its value by a colon, and pairs are separated by commas. Objects model records or dictionaries and can nest other objects and arrays as values, making them the primary structure for representing entities in an API response.{ }JSON Formatter→tsJSON to TypeScript
- JSON string#string
- A JSON string is a sequence of Unicode characters wrapped in double quotes; single quotes are not valid. Certain characters must be escaped with a backslash, including the double quote, the backslash itself, and control characters like newline. Strings serve as object keys and as text values, and are the only JSON type whose contents require escaping to remain syntactically well-formed.\"JSON Escape / Unescape
- Key/value pair (member)#member · name/value pair · property
- A key/value pair, called a member in RFC 8259, is a single entry inside a JSON object consisting of a string key, a colon, and any JSON value. The key names the field and the value holds its data, for example "email": "a@b.com". Members are comma-separated, and by the standard their keys should be unique within one object.
- null#JSON null
- null is the lowercase JSON literal representing an intentionally empty or absent value, distinct from an omitted key, an empty string, or the number zero. It is written without quotes and maps to language equivalents like None, nil, or a null reference. Developers use null to signal that a field exists but has no meaningful value, though APIs vary on whether they emit null or omit the key entirely.
- RFC 8259#STD 90 · ECMA-404
- RFC 8259 is the IETF specification, published in December 2017 as Internet Standard 90 (STD 90), that defines the JSON data interchange format and obsoletes RFC 7159, which had itself obsoleted the original RFC 4627. It mandates UTF-8 for JSON exchanged between systems and specifies the grammar for objects, arrays, and the primitive types. Ecma International publishes an equivalent grammar as ECMA-404, so the two together define conformant JSON.✓JSON Validator
- Structural characters#
- The structural characters are the six tokens the JSON grammar uses to delimit and separate values: the left and right square brackets, the left and right curly braces, the colon, and the comma. Brackets bound arrays, braces bound objects, the colon splits a key from its value, and the comma separates members or elements. RFC 8259 permits insignificant whitespace around these characters, which a tokenizer discards while scanning.{ }JSON Formatter✓JSON Validator
- Trailing comma#dangling comma
- A trailing comma is a comma placed after the final element of an array or the last member of an object. The JSON grammar forbids it, so [1, 2,] and {"a": 1,} are both invalid and rejected by strict parsers, unlike JavaScript or JSON5 which permit it. Trailing commas left behind while editing are among the most frequent causes of JSON parse errors.✓JSON Validator{ }JSON Formatter
- Unicode escape sequence#\uXXXX · unicode escape
- A Unicode escape encodes a character as \u followed by exactly four hexadecimal digits, letting a JSON string contain any code point using only ASCII. Characters above the Basic Multilingual Plane, such as many emoji, require a surrogate pair of two \u escapes. This form is useful for representing control or non-printable characters safely, since a compliant parser expands each escape back to its original character.\"JSON Escape / Unescape
Data Types & Structures
How JSON values map to the data types and structures you use in code.
- Associative array#hash · hash map
- An associative array is a collection that maps unique keys to values, retrieving each value by its key rather than by a numeric index. A JSON object is precisely an associative array whose keys are strings. Many languages implement this concept under different names, and it underlies dictionaries and hash maps elsewhere. The structure is ideal for lookups, configuration, and representing records where each field has a meaningful name.
- Compound value#composite value · container value
- A compound (or composite) value is one built from other values, as opposed to a single scalar. JSON has two compound types: the object, which groups name-value pairs, and the array, which holds an ordered list of elements. These containers can nest arbitrarily, letting one document model complex, hierarchical data. Recognizing which values are compound helps predict how a parser will recurse through a structure.
- Empty array#
- An empty array is written as a pair of brackets with nothing inside and represents an ordered collection with zero elements. Like the empty object, it is a valid JSON value and differs meaningfully from null and from a missing field: it states that a list exists but has no items. Returning an empty array rather than null for absent collections lets clients iterate safely without null checks, a widespread API design convention.
- Empty object#
- An empty object is written as a pair of braces with nothing inside and contains no name-value pairs, yet it is a valid, fully-formed JSON value. It is distinct from null: an empty object asserts that a structure exists but currently holds no members, whereas null asserts the absence of a value entirely. APIs often return an empty object for a resource with no populated fields, and it serves as a safe default when initializing a container before adding keys.
- Flat JSON#flat structure
- Flat JSON is data with little or no nesting, where an object's values are mostly scalars rather than nested objects or arrays. A flat structure maps directly onto tabular formats, so flattening is usually a prerequisite for converting JSON into CSV or spreadsheet rows. Deeply nested documents are often flattened by joining key paths with a delimiter, for instance turning a nested address field into a single dotted column header.→csvJSON to CSV
- Heterogeneous array#mixed-type array
- A heterogeneous array mixes elements of different types or shapes, for example a list holding a number, a string, and an object together. JSON permits this freely because arrays impose no type constraint on their members. While flexible, such arrays complicate downstream typing: a schema generator may fall back to a union type, and strongly typed languages often need a wrapper or tagged union to hold them. They frequently signal data that would read better as an object.→tsJSON to TypeScript§JSON Schema Generator
- Homogeneous array#
- A homogeneous array contains elements that all share the same type or shape, such as an array of numbers or an array of identically structured objects. JSON does not enforce homogeneity, but keeping arrays homogeneous makes data predictable and maps cleanly to typed structures like a TypeScript array or a database table. Tools that infer schemas or generate types assume homogeneity to produce a single element type.→tsJSON to TypeScript§JSON Schema Generator
- Leaf node#leaf
- A leaf node is a node in a tree that has no children, marking the end of a branch. In a JSON document's tree, the leaves are the scalar values (strings, numbers, booleans, and nulls), since objects and arrays are branch nodes that contain further values. Query and path tools ultimately resolve to leaf nodes, and flattening a document is essentially the act of enumerating its leaves along with their key paths.$.JSONPath / JQ Tester
- Map#hash map
- A map is a key-to-value data structure, implemented as JavaScript's Map, Java's HashMap, or Go's map. A JSON object corresponds to a map, but in JavaScript JSON.parse returns a plain object rather than a Map, so converting takes new Map(Object.entries(obj)). A Map accepts keys of any type and preserves insertion order, whereas JSON member names are always strings and object key order is not guaranteed by the specification.→tsJSON to TypeScript
- Nested JSON#deeply nested data · nested data
- Nested JSON places objects and arrays inside other objects and arrays, forming multiple levels of hierarchy. This nesting lets one document represent related entities together, such as a user with an address that contains a list of phone numbers, without separate lookups. Deep nesting adds expressiveness but complicates access, flattening, and querying; path languages like JSONPath exist specifically to reach values buried several levels down.$.JSONPath / JQ Tester→csvJSON to CSV
- Ordered collection#sequence
- An ordered collection preserves the position of its elements, so the first item stays first and iteration follows a defined sequence. In JSON, the array is the ordered collection: element order is significant and must be maintained by parsers and serializers. This matters when sequence carries meaning, such as timeline events, ranked results, or spreadsheet rows, because reordering an array changes the data, unlike reordering object keys.→csvJSON to CSV
- Scalar value#atomic value · scalar
- A scalar is a single, indivisible value that holds exactly one piece of data rather than a collection of values. In JSON, the scalar types are strings, numbers, booleans (true or false), and null. Developers use the term to separate these atomic values from arrays and objects, which contain other values. When flattening JSON for a CSV export or database columns, scalars map cleanly to individual cells or fields.→csvJSON to CSV
- Tree structure#hierarchical data · tree
- A tree structure is a hierarchy of nodes descending from a single root, where each node may have children but only one parent. Any JSON document forms a tree: the root value branches into objects and arrays whose members and elements are child nodes, down to scalar leaves. This model underlies how parsers build an in-memory representation and how editors render collapsible tree views for navigation.{ }JSON Formatter$.JSONPath / JQ Tester
- Unordered collection#
- An unordered collection stores elements without a guaranteed sequence, identifying them by key rather than by position. The JSON specification treats an object as an unordered set of name-value pairs, so two objects with the same members in a different order are considered equal. In practice most parsers preserve insertion order, but relying on object key order is non-portable. Comparison and diffing tools often ignore key order by design.±JSON Diff / Compare
JSON Dialects & Variants
Formats built on top of JSON, plus the binary cousins that trade text for speed.
- Amazon Ion#Ion
- Amazon Ion is a richly typed data serialization format, created by Amazon, that offers interchangeable text and binary encodings from one data model. Its text form is a superset of JSON, so any JSON document is valid Ion, but Ion adds types JSON lacks such as timestamps, arbitrary-precision decimals, symbols, blobs, and type annotations. The dual encodings let systems debug in readable text yet transmit compact binary.
- BSON#Binary JSON
- BSON (Binary JSON) is a binary-encoded serialization format used internally by MongoDB to store documents and transfer data. It mirrors the JSON data model but adds types JSON lacks, such as dates, 64-bit integers, decimal128, binary blobs, and ObjectIds, and prefixes elements with length information for fast traversal. BSON is not human-readable and is usually larger than the equivalent JSON text, trading size for richer types and scanning speed.
- Canonical JSON#Deterministic JSON · JCS
- Canonical JSON is any scheme that serializes equivalent data to one byte-for-byte identical form, so that hashing or digital signatures produce stable results. Rules typically fix object key ordering, remove insignificant whitespace, and normalize number and string escaping. The IETF's JSON Canonicalization Scheme (JCS, RFC 8785) is one such standard. Deterministic output matters for signing payloads, content-addressing, deduplication, and comparing documents reliably.≡→JSON Minifier±JSON Diff / Compare
- CBOR#Concise Binary Object Representation
- CBOR (Concise Binary Object Representation) is a binary data format defined by RFC 8949 whose model is based on JSON but extended for compactness and richer types. It encodes without a schema, supports streaming with indefinite-length items, and adds tags for values such as dates and big numbers. CBOR underpins standards including COSE, CWT, and WebAuthn, where small, deterministic, machine-oriented encoding matters more than readability.
- GeoJSON#
- GeoJSON is a JSON-based format, standardized as RFC 7946, for encoding geographic data structures such as points, lines, and polygons. It represents features with a geometry object and arbitrary properties, using coordinate arrays ordered as longitude then latitude in the WGS84 reference system. Because it is plain JSON, GeoJSON is widely supported by mapping libraries and web APIs, making it a common interchange format for spatial data.✓JSON Validator
- HAL#Hypertext Application Language
- HAL (Hypertext Application Language) is a convention for designing hypermedia REST APIs in JSON, with a parallel XML form. A HAL document places related links under a reserved _links object and embeds associated resources under _embedded, each link identified by a relation name and a URI. By standardizing how links are expressed, HAL lets clients discover and navigate an API dynamically rather than hard-coding endpoint paths.$.JSONPath / JQ Tester
- Hjson#Human JSON
- Hjson, short for Human JSON, is a syntax extension of JSON aimed at hand-editing and configuration. It makes quotes and commas optional, allows comments, and supports multi-line strings, prioritizing readability over strictness. Hjson is not a data-interchange format itself; tools parse it and emit standard JSON for machines to consume. It competes with JSON5 and YAML for the human-friendly configuration niche.{ }JSON Formatter
- JSON Text Sequences#json-seq · RFC 7464
- A JSON Text Sequence, defined by RFC 7464 with the media type application/json-seq, concatenates multiple JSON values by prefixing each with an ASCII record separator control character (U+001E) and following it with a newline. The leading separator lets a reader resynchronize after a truncated or malformed record, unlike newline-delimited JSON (NDJSON). It targets streaming and logging pipelines that append values incrementally.
- JSON-LD#JSON for Linked Data
- JSON-LD (JSON for Linked Data) is a W3C standard for encoding linked data using ordinary JSON. A special @context maps the document's keys to globally unique Internationalized Resource Identifiers (IRIs), giving terms unambiguous meaning across systems. It is widely used for structured data on web pages, where search engines read schema.org vocabularies expressed as JSON-LD to power rich results, and in knowledge graphs and semantic web applications.✓JSON Validator
- JSON:API#JSON API
- JSON:API is a specification for building APIs in JSON that standardizes how clients request and modify resources and how responses are shaped. It defines conventions for a top-level data object, resource identifiers with type and id, relationships, included compound documents, pagination, filtering, and sparse fieldsets. By fixing these details, JSON:API reduces bikeshedding and enables shared client libraries, using the application/vnd.api+json media type.$.JSONPath / JQ Tester
- JSON5#
- JSON5 is a superset of JSON that extends the syntax to be more convenient for hand-written configuration files. It permits comments, trailing commas, single-quoted and unquoted object keys, hexadecimal numbers, leading or trailing decimal points, and multi-line strings. Because browsers and standard parsers accept only strict JSON, JSON5 must be read with a dedicated parser and is typically converted back to plain JSON before transmission or storage.{ }JSON Formatter✓JSON Validator
- JSONC#JSON with Comments
- JSONC, short for JSON with Comments, is an informal variant of JSON that allows single-line (//) and block (/* */) comments. Popularized by Visual Studio Code for its settings and configuration files, it often also tolerates trailing commas. Standard JSON.parse rejects comments, so JSONC content must be stripped of them or read with a lenient parser before it can be consumed as ordinary JSON.≡→JSON Minifier{ }JSON Formatter
- JSONP#JSON with Padding
- JSONP (JSON with Padding) is a legacy technique for requesting data across origins by exploiting the fact that script tags are not restricted by the same-origin policy. The server wraps the JSON payload in a function call whose name the client supplies, and the browser executes it on load. Because it runs arbitrary returned code and predates CORS (Cross-Origin Resource Sharing), JSONP is now considered insecure and largely obsolete.
- MessagePack#msgpack
- MessagePack is a binary serialization format that encodes the same data model as JSON but in a far more compact byte stream. Small integers, short strings, and common values pack into one or a few bytes, and it supports typed extensions and raw binary that JSON cannot carry directly. It is faster to parse and smaller on the wire, making it popular for caching, messaging, and bandwidth-sensitive APIs where human readability is unimportant.≡→JSON Minifier
- MongoDB Extended JSON#Extended JSON · EJSON
- MongoDB Extended JSON, often called EJSON, is a convention for representing BSON-specific types in plain JSON text so they survive round-trips through JSON-only tools. Because JSON has no native date, ObjectId, or 64-bit integer, these are wrapped in reserved keys such as {"$oid": ...} or {"$date": ...}. It comes in relaxed and canonical modes, and is what MongoDB tools like mongoexport and mongoimport read and write.✓JSON Validator
- NDJSON#JSON Lines · JSONL
- NDJSON (Newline-Delimited JSON) is a format that stores a sequence of independent JSON values, one per line, separated by newline characters. Also known as JSON Lines or JSONL, it suits streaming, logging, and large datasets because each record can be parsed and processed individually without loading the whole file. Unlike a standard JSON array, the document as a whole is not valid JSON, which lets producers append records incrementally.→csvJSON to CSV
- TopoJSON#
- TopoJSON is an extension of GeoJSON that encodes topology by storing shared boundaries, called arcs, only once instead of duplicating coordinates for adjacent shapes. This eliminates redundancy and can shrink geographic files substantially, which is valuable for delivering maps to browsers. TopoJSON also supports quantized, integer coordinates for further compression. Clients typically convert it back to GeoJSON before rendering, since most drawing tools consume GeoJSON directly.
- UBJSON#Universal Binary JSON
- UBJSON (Universal Binary JSON) is a binary serialization format designed to mirror JSON's data model exactly while remaining simple and quick to parse. Every value carries a one-byte type marker, and it adds nothing beyond JSON's types except explicit integer widths and a byte type, so any UBJSON document maps losslessly to and from JSON. It aims for a balance between the compactness of binary formats and the universality of JSON.
Schema & Validation
Describing the shape of JSON and validating documents against it.
- $defs keyword#
- $defs is a reserved location inside a JSON Schema for holding reusable subschemas that other parts reference with $ref. It has no validation effect on its own; it simply provides a standard container for named definitions, replacing the older definitions keyword. Grouping shared shapes such as an address or a timestamp under $defs keeps them defined once and makes recursive structures, like a tree node that references itself, straightforward to express.§JSON Schema Generator
- $id keyword#
- The $id keyword assigns a base URI (Uniform Resource Identifier) to a schema or subschema, establishing an identity that other schemas can target with $ref. It also sets the base against which relative references are resolved, so nested $id values create scoped resolution boundaries. Giving reusable schemas a stable $id lets them be registered, cached, and shared across files without collisions.§JSON Schema Generator
- $ref keyword#reference · JSON reference
- The $ref keyword replaces a schema with a reference to another schema, identified by a Uniform Resource Identifier (URI) or a JSON Pointer such as #/$defs/address. It enables reuse, recursion, and modular design by pointing to definitions elsewhere in the same document or in external files. Resolving a $ref means substituting the referenced schema during validation, which keeps large schemas maintainable and lets shared shapes be defined once.§JSON Schema Generator
- $schema keyword#
- The $schema keyword appears at the root of a JSON Schema and holds a URI (Uniform Resource Identifier) identifying the specification draft the schema is written against, such as the draft 2020-12 meta-schema URL. Validators read it to decide which keywords and semantics to apply, since behaviour differs between drafts. Declaring it removes ambiguity; omitting it makes many validators silently fall back to a default dialect.✓JSON Validator
- additionalProperties keyword#
- The additionalProperties keyword controls whether a JSON object may contain members beyond those named in properties and patternProperties. Set to false, it rejects any unexpected key; set to a schema, it constrains the values of those extra keys. It is the main tool for locking down object shapes, catching typos or unauthorized fields, and enabling strict validation of API request bodies.✓JSON Validator
- Conditional subschemas (if/then/else)#if/then/else
- The if, then, and else keywords express conditional validation: when an instance validates against the if subschema it must also satisfy then, otherwise it must satisfy else. This lets one schema demand different shapes depending on a value, for example requiring a routingNumber only when "method" equals "bank". Introduced in Draft 7 and retained since, it pairs naturally with const to branch off a discriminator field.✓JSON Validator
- const keyword#
- The const keyword restricts a JSON value to a single allowed constant, validating only when the instance deep-equals the given value, which may be any JSON type including an object or array. It expresses the same intent as an enum with one entry but reads more clearly. Developers use const to pin discriminator fields, such as a fixed "type": "invoice" tag inside a tagged union.§JSON Schema Generator✓JSON Validator
- enum keyword#
- The enum keyword restricts a value to a fixed set of allowed options listed in an array, such as ["draft","published","archived"]. An instance validates only if it deep-equals one of the entries, which may be any JSON type, not just strings. It is the standard way to model closed vocabularies like status fields. For a single permitted value, the const keyword expresses the same intent more directly.§JSON Schema Generator→tsJSON to TypeScript
- format keyword#
- The format keyword annotates a string with a well-known semantic shape such as email, uri, date-time, uuid, or ipv4. Its enforcement is optional: some validators treat format only as an annotation while others assert it, so behaviour varies by tool and configuration. When active, it offers a concise alternative to hand-writing regular expressions for common string shapes, though a custom pattern is still needed for anything nonstandard.✓JSON Validator
- items keyword#
- The items keyword defines the schema that array elements must satisfy, enforcing a uniform element type such as an array of integers. Since Draft 2020-12, fixed positional entries are described by prefixItems, and items governs only the elements after those, acting as a constraint on the array's remainder. Combined with minItems, maxItems, and uniqueItems, it fully specifies the contents of a JSON array.§JSON Schema Generator
- JSON Schema#
- JSON Schema is a declarative vocabulary, itself written in JSON, that describes the expected structure, data types, and constraints of a JSON document. A validator compares an instance against the schema and reports whether it conforms. Developers use it to enforce API request and response shapes, validate configuration files, drive form generation, and produce documentation from a single machine-readable source of truth.✓JSON Validator§JSON Schema Generator
- JSON Schema Draft 2020-12#Draft 2020-12 · 2020-12 dialect
- Draft 2020-12 is the most recent published revision of the JSON Schema specification, released in December 2020. Its principal change replaced the two-form items/additionalItems array handling with prefixItems for positional entries and items for the rest, and it reworked dynamic references into $dynamicRef and $dynamicAnchor. The vocabulary system, $defs, and dynamic references were actually introduced in the earlier Draft 2019-09. Because drafts are not always backward compatible, the $schema keyword should declare which draft a schema targets.§JSON Schema Generator✓JSON Validator
- Meta-schema#
- A meta-schema is a JSON Schema that describes the structure of schemas themselves, so a schema can be validated for correctness the same way an ordinary instance is. Each specification draft publishes a meta-schema at a stable URI, and the $schema keyword points at it to declare the dialect in use. Validators load the meta-schema to check that keywords are spelled correctly and given values of the right type.✓JSON Validator§JSON Schema Generator
- minimum and maximum keywords#
- The minimum and maximum keywords set inclusive numeric bounds, asserting that a number is at least minimum and at most maximum; exclusiveMinimum and exclusiveMaximum express strict bounds instead. Parallel keywords minLength and maxLength constrain string length, while minItems and maxItems constrain array size. Together these give fine-grained control over ranges and sizes, catching values like a negative age or an oversized list before they reach application logic.✓JSON Validator
- pattern keyword#
- The pattern keyword constrains a string to match a regular expression, for example ^[A-Z]{2}\d{4}$ for a product code. The expression is unanchored unless you add ^ and $, and JSON Schema expects ECMAScript regular-expression syntax for portability across validators. It handles formats that the built-in format keyword does not cover, such as custom identifiers, URL slugs, or locale-specific phone numbers.✓JSON Validator
- patternProperties keyword#
- The patternProperties keyword maps regular expressions to subschemas, applying a subschema to every object member whose key matches the corresponding pattern. It validates objects with dynamic key names rather than fixed ones, such as arbitrary identifiers that must each hold a number. It works alongside properties and additionalProperties: a member matching any pattern must satisfy that subschema, and additionalProperties then governs only keys matched by neither.§JSON Schema Generator✓JSON Validator
- properties keyword#
- The properties keyword defines the schema for each named member of a JSON object, mapping keys to the subschemas their values must satisfy. It only validates the keys it lists and does not by itself make any of them mandatory; enforcing presence is the job of the required keyword. Unlisted keys are permitted unless additionalProperties restricts them, so properties, required, and additionalProperties are typically used together.§JSON Schema Generator
- required keyword#
- The required keyword lists the property names that must be present in a JSON object for it to validate. It takes an array of strings and only checks presence, not the value's type or format, which the matching entry under properties handles. A missing required key produces a validation error, making this the primary way to enforce mandatory fields in API payloads and configuration objects.✓JSON Validator
- Schema composition (oneOf, anyOf, allOf, not)#combinators · applicator keywords
- Schema composition combines multiple subschemas with boolean logic. allOf requires an instance to satisfy every listed schema, anyOf requires at least one, and oneOf requires exactly one, while not inverts a schema so the instance must fail it. These combinators model intersections, unions, and conditional shapes, such as a payload that is either a card or a bank transfer. Overlapping oneOf branches are a frequent source of confusing validation errors.✓JSON Validator§JSON Schema Generator
- Schema inference#schema generation · type inference
- Schema inference is the process of examining one or more example JSON documents and generating a schema or type definition that describes their shape, instead of writing it by hand. Tools scan values to guess types, mark optional fields, and merge variations across samples into unions. The output may be a JSON Schema, a TypeScript interface, or another type system, and usually needs manual refinement since examples rarely cover every case.§JSON Schema Generator→tsJSON to TypeScript
- Schema validation error#validation error
- A schema validation error is what a validator emits when a JSON instance violates a schema constraint, reporting what failed and where. Most validators return the offending keyword, the instance location as a JSON Pointer, the schema location, and a human-readable message. Unlike a parse error, which means the JSON is malformed, a validation error means the JSON is well-formed but does not match the expected schema. Inspecting these paths pinpoints the exact field to fix.✓JSON Validator
- type keyword#
- The type keyword constrains an instance to one of the type names JSON Schema defines: string, number, integer, boolean, object, array, or null. Note that integer is a Schema-level refinement of number, not a separate JSON type, since JSON does not distinguish integers from floats. It accepts a single name or an array such as ["string","null"] for a nullable string, and is usually the first check a validator performs before evaluating more specific constraints.§JSON Schema Generator→tsJSON to TypeScript
- unevaluatedProperties keyword#
- The unevaluatedProperties keyword, added in Draft 2020-12, constrains object members that no other keyword has already evaluated, taking annotation results from properties, patternProperties, and applicators like allOf into account. Unlike additionalProperties, which ignores subschemas combined through allOf, it can forbid stray keys across composed schemas, making it the correct tool for locking down shapes built by extension. A parallel unevaluatedItems does the same for arrays.✓JSON Validator
Querying & Transformation
Addressing, extracting, and patching values inside a JSON document.
- Array slice#slice · array slicing
- An array slice selects a contiguous range of elements using start, end, and optional step bounds, borrowing Python's syntax. In JSONPath, $.items[0:3] returns the first three elements, [-2:] the last two, and [::2] every second one. The end index is exclusive and negative values count back from the array's end. Slicing is handy for pagination-style extraction and sampling, and the same notation appears in JMESPath and similar tools.$.JSONPath / JQ Tester
- Dot notation vs bracket notation#dot notation · bracket notation
- Dot and bracket notation are the two ways a path expression steps into JSON. Dot notation, like $.user.name, is terse and reads naturally but only works when a key is a valid identifier. Bracket notation, like $['user']['first name'], quotes the key and is required when a property contains spaces, hyphens, or other special characters; it also holds numeric array indexes such as [0]. Most JSONPath and JMESPath engines accept both forms interchangeably wherever the key permits.$.JSONPath / JQ Tester
- Filter expression#filter · predicate
- A filter expression selects array elements that satisfy a condition rather than by position. In JSONPath the syntax is [?(...)], as in $.books[?(@.price < 10)], where @ refers to the element currently being tested. Filters support comparisons, logical operators, and existence checks, so a query returns only the matching items. JMESPath offers equivalent [?expr] filters and jq uses select(). Filters turn a path language into something closer to a lightweight query engine.$.JSONPath / JQ Tester
- JMESPath#
- JMESPath is a query language for JSON that extracts and reshapes data through expressions evaluated against a document. It supports index and key access, wildcards, slices, multiselect projections, filters, built-in functions, and pipe operators that let one expression feed another. Unlike early JSONPath, it has a formal grammar and a shared compliance test suite, so results stay consistent across language implementations. It is widely embedded, most visibly in the Amazon Web Services CLI's --query option and several cloud SDKs.
- jq#
- jq is a command-line processor and domain-specific language for slicing, filtering, mapping, and transforming JSON. Programs are built from filters connected by a pipe (|), so the output of one stage feeds the next, much like Unix pipelines. It can stream input, construct new objects and arrays, and use functions, conditionals, and recursion. Developers reach for jq in shell scripts and continuous-integration pipelines to reshape API responses without writing throwaway code.{ }JSON Formatter
- JSON Merge Patch (RFC 7386)#RFC 7386 · Merge Patch
- JSON Merge Patch is a simpler alternative to JSON Patch, defined by RFC 7386, in which the patch is itself a JSON document mirroring the target's shape. Present members are recursively merged or overwritten, and a member set to null signals deletion. This keeps common updates concise, but the null convention means it cannot store an actual null value or edit individual array elements in place. Its media type is application/merge-patch+json.±JSON Diff / Compare
- JSON Patch (RFC 6902)#RFC 6902
- JSON Patch is a format, specified by RFC 6902, for describing changes to a JSON document as an ordered array of operations. Each operation is an object with an op field — add, remove, replace, move, copy, or test — plus a JSON Pointer path locating the target. Sent with the application/json-patch+json media type, it lets a client update part of a resource over HTTP PATCH instead of replacing the whole thing. The test operation enables optimistic concurrency checks.±JSON Diff / Compare
- JSON Pointer (RFC 6901)#RFC 6901 · JSON Pointer
- A JSON Pointer is a compact string syntax, defined by RFC 6901, that identifies one specific value within a JSON document. It is a sequence of reference tokens separated by slashes, such as /users/0/name, where each token names an object key or array index. Because slash and tilde are structural characters, they are escaped as ~1 and ~0. Pointers appear inside JSON Patch, the JSON Schema $ref keyword, and validation errors that must point at an exact location.
- JSONata#
- JSONata is a lightweight query and transformation language for JSON, inspired by XPath 3.1, that both selects data and computes new structures. Beyond navigation with paths, wildcards, and predicates, it offers arithmetic, string and aggregation functions, conditionals, variables, and user-defined functions. A single expression can map an input document into an entirely different output shape, which makes it popular in integration and low-code tools such as visual workflow builders. Implementations exist for JavaScript, Java, Python, and other runtimes.
- JSONPath#RFC 9535
- JSONPath is a query language for JSON that selects nodes from a document using path expressions, modeled loosely on XPath for XML. A query begins at the root ($) and walks into objects and arrays using dot or bracket steps, wildcards, filters, and recursive descent. Originally proposed by Stefan Goessner in 2007, it was standardized as RFC 9535 in 2024, which reconciled many differences between the incompatible dialects that earlier libraries had shipped.$.JSONPath / JQ Tester
- Projection#
- A projection is a query operation that applies an expression across a collection and gathers the results into a new list, reshaping data as it selects. In JMESPath, people[*].name projects the name of every element, and multiselect syntax can build fresh objects or arrays per item. The idea parallels SQL's SELECT column list and jq's map function. Projections are how query languages transform rather than merely extract, letting one expression flatten or restructure nested JSON.→csvJSON to CSV
- Recursive descent#deep scan · ..
- Recursive descent is a JSONPath operator, written as two dots (..), that searches a document at any depth rather than a single level. The expression $..author finds every author key anywhere in the tree, regardless of nesting. It is powerful for locating values in irregular or deeply nested data, but can be costly on large documents and may match more nodes than intended. Comparable deep-scan behavior appears in other query languages under different syntax.$.JSONPath / JQ Tester
- Root node identifier ($)#$ · root selector
- The root node identifier, the dollar sign ($), marks the start of a JSONPath expression and refers to the whole document being queried. Every path is evaluated relative to it, so $.store.book[0] descends from the root into store, then book, then the first element. It pairs with the current-node symbol (@), which refers to the element under evaluation inside a filter. JMESPath omits a root symbol, while jq uses a leading dot for the same purpose.$.JSONPath / JQ Tester
- SQL/JSON#
- SQL/JSON is the set of functions and operators, standardized in SQL:2016 and later revisions, that let relational databases store, query, and generate JSON. It includes path expressions modeled on JSONPath, predicates like JSON_EXISTS, accessors like JSON_VALUE and JSON_QUERY, and JSON_TABLE for projecting JSON into rows and columns. Engines such as PostgreSQL, Oracle, and SQL Server implement overlapping subsets, letting applications keep semi-structured JSON columns beside typed relational data.$.JSONPath / JQ Tester
- Structural diff#JSON diff · semantic diff
- A structural diff compares two JSON documents by their parsed trees rather than their text, reporting added, removed, and changed values by path while ignoring insignificant whitespace and, usually, object key order. This surfaces meaningful changes that a line-based text diff would misreport. Developers use it to review configuration changes, assert on API responses in tests, and derive patch documents such as JSON Patch.±JSON Diff / Compare
- Wildcard#wildcard selector · *
- A wildcard is a path selector, written as an asterisk, that matches every child at a level instead of one named key or index. In JSONPath, $.items[*].price returns the price of each element in items, and $.* returns all top-level values. A wildcard yields a list of matches rather than a single node, so later steps operate over the whole collection. It is central to projections and to querying arrays whose length is unknown in advance.$.JSONPath / JQ Tester
Serialization & Processing
Turning data into JSON text and back — parsing, stringifying, and everything between.
- Deserialization#Decoding
- Deserialization is the reverse of serialization: reading a serialized representation and rebuilding the original in-memory data structure from it. For JSON this means parsing JSON text into native objects, arrays, strings, numbers, and booleans, as JSON.parse or Python's json.loads do. Deserializing untrusted input is a common source of bugs and security issues, so validating the shape of the result against a schema before using it is good practice.✓JSON Validator
- JSON parser#Parser
- A JSON parser is the software component that reads JSON text and produces either an in-memory value or a stream of parse events. Parsers range from a single JSON.parse call to hand-written state machines and generated grammars used in high-performance libraries. A conforming parser accepts every valid RFC 8259 document and rejects malformed input; strict parsers also reject non-standard extras such as comments or trailing commas.✓JSON Validator{ }JSON Formatter
- JSON.parse#
- JSON.parse is JavaScript's built-in method for deserializing a JSON string into the corresponding value. It throws a SyntaxError if the text is not valid JSON, so calls are typically wrapped in try/catch. An optional reviver function lets you transform each parsed key/value pair before it is returned, commonly used to convert ISO 8601 date strings into Date objects or to filter out unwanted keys.✓JSON Validator
- JSON.stringify#stringify
- JSON.stringify is JavaScript's built-in method for serializing a value into a JSON string. It accepts optional replacer and space arguments: the replacer filters or transforms values, and space controls indentation for pretty-printing. Values it cannot represent — functions, undefined, and symbols — are dropped from objects or become null inside arrays, and any object exposing a toJSON method is serialized via that method's return value.{ }JSON Formatter≡→JSON Minifier
- Marshalling / Unmarshalling#Marshaling · Unmarshaling
- Marshalling transforms an in-memory object into a format suitable for storage or transmission — effectively a synonym for serialization, and the preferred term in Go, Java, and older RPC (Remote Procedure Call) systems. Unmarshalling is the inverse, reconstructing a typed object from the wire format. Go's encoding/json package, for example, exposes Marshal and Unmarshal functions that convert between structs and JSON, using struct tags to map field names.→tsJSON to TypeScript
- Minification#Minify · Compact JSON
- Minification removes all insignificant whitespace — spaces, tabs, and newlines between tokens — to produce the smallest valid JSON text. The parsed data is identical, so minified and pretty-printed versions deserialize to exactly the same value. Minifying reduces payload size and speeds up network transfer, which is why APIs typically send compact JSON and reserve indentation for human-facing tools. JSON.stringify without a space argument emits minified output by default.≡→JSON Minifier{ }JSON Formatter
- Parsing#
- Parsing is the act of analyzing JSON text according to the grammar defined by RFC 8259 and turning it into a structured, in-memory representation. A parser scans the characters, groups them into tokens, and checks that braces, brackets, commas, colons, and quotes form a valid document. If the input violates the grammar the parser reports a syntax error, typically with a line and column position pinpointing where the problem occurred.✓JSON Validator{ }JSON Formatter
- Pretty-print / Beautify#Beautify · Prettify · Format
- Pretty-printing, also called beautifying, reformats JSON with consistent indentation and line breaks so nested structure is easy for a human to scan. The data itself is unchanged — only insignificant whitespace between tokens is added. In JavaScript, JSON.stringify(value, null, 2) produces two-space indentation, and most editors and formatters offer a configurable indent width. Pretty-printed JSON is ideal for debugging and version control, though larger than its minified equivalent.{ }JSON Formatter
- Replacer function#replacer
- The replacer is the optional second argument to JSON.stringify that customizes serialization. Passed as a function, it is called for every key/value pair and its return value is written to the output, letting you transform, redact, or omit fields; returning undefined drops a property entirely. Passed instead as an array of strings, it acts as an allowlist, serializing only the named properties. It is commonly used to strip secrets or shrink payloads.{ }JSON Formatter
- Reviver function#reviver
- The reviver is the optional second argument to JSON.parse, a function invoked for each key/value pair as the parsed result is rebuilt from the innermost values outward. Its return value replaces the original, and returning undefined deletes the key. Typical uses include rehydrating ISO 8601 date strings into Date objects, converting numeric strings to BigInt, or removing fields, giving deserialization a typed, application-specific shape.
- Round-trip fidelity#Round-tripping · Lossless round-trip
- Round-trip fidelity is the degree to which data survives serialization and deserialization unchanged — parse then re-serialize, and you should recover an equivalent value. JSON loses fidelity in several ways: object key order and whitespace are not guaranteed, large integers can lose precision as IEEE 754 double-precision floats, and types like Date or BigInt have no native representation. Awareness of these gaps matters when comparing or hashing JSON documents.±JSON Diff / Compare
- Serialization#Serializing · Encoding
- Serialization is the process of converting an in-memory data structure — an object, array, map, or record — into a flat sequence of characters or bytes that can be stored or transmitted. In the JSON world it means producing JSON text from a native value, as JavaScript's JSON.stringify or PHP's json_encode do. Because JSON is text-based and language-independent, serialized output can travel across networks and be reconstructed by any platform that can read JSON.{ }JSON Formatter≡→JSON Minifier
- Streaming parser (SAX-style)#SAX parsing · Event-based parsing
- A streaming parser reads JSON incrementally and emits events — start of object, key, value, end of array — as it encounters them, without building the whole document in memory. Modeled on XML's SAX (Simple API for XML) approach, it suits very large files and network streams where a full tree would not fit in RAM. The trade-off is a more complex, callback-driven model compared with loading everything at once via JSON.parse.
- String escaping#Escape · Unescape
- String escaping replaces characters that cannot appear literally inside a JSON string with backslash sequences: a double quote becomes \", a backslash becomes \\, and control characters such as newline and tab become \n and \t. Any character may also be written as a \uXXXX Unicode escape. Escaping is essential when embedding one JSON document inside another as a string value; unescaping reverses it to recover the original readable text.\"JSON Escape / Unescape
- Tokenizer / Lexer#Lexer · Scanner · Lexical analysis
- A tokenizer, also called a lexer, is the first stage of a parser: it scans raw JSON characters and groups them into meaningful tokens such as strings, numbers, structural punctuation, and the literals true, false, and null. The parser then checks that these tokens appear in an order the grammar allows. Separating lexing from parsing keeps each stage simpler and makes precise, position-aware error reporting easier to implement.✓JSON Validator
Web APIs & Data Exchange
How JSON travels between clients and servers over HTTP.
- Accept header#Accept
- The Accept header is sent by a client to state which media types it can handle in the response, for example Accept: application/json. The server uses it to choose a representation, returning JSON when the client asks for it. This header drives content negotiation, letting a single endpoint serve JSON, XML, or other formats depending on who is calling and what they prefer.
- API#Application Programming Interface
- An Application Programming Interface (API) is a defined contract that lets one piece of software request data or actions from another without knowing its internal implementation. On the web, most APIs accept and return JSON because it is lightweight, language-neutral, and quick to parse. Developers care because a stable API lets frontends, mobile apps, and third-party services integrate against the same backend reliably as it evolves.◌Mock JSON Data Generator
- Content negotiation#conneg
- Content negotiation is the mechanism by which a client and server agree on the format of a response. The client signals its preference through headers such as Accept and Accept-Language, and the server replies with a matching representation plus a Content-Type header confirming the choice. It lets one endpoint return JSON to an API client and XML or HTML to another, without changing the URL.⇄xmlJSON ⇄ XML
- Content-Type header#Content-Type · media type header
- The Content-Type header declares the media type of a message body so the receiver knows how to parse it. For JSON APIs its value is application/json, telling the server or client to read the body as JSON rather than form data or plain text. Sending the wrong Content-Type is a common bug, causing servers to ignore a JSON body or reject the request as an unsupported type.
- CORS#Cross-Origin Resource Sharing
- Cross-Origin Resource Sharing (CORS) is a browser security mechanism that controls whether a web page on one origin may call an API on a different origin. The server opts in by returning headers like Access-Control-Allow-Origin, and browsers may first send a preflight OPTIONS request. Developers meet CORS when a fetch to a JSON API is blocked in the browser but works fine from a server or curl.
- Endpoint#API endpoint · route
- An endpoint is a specific URL where an API exposes a resource or operation, such as /users/42 or /orders. A client sends an HTTP request to the endpoint and usually receives a JSON response describing the result. Developers care because clearly and consistently named endpoints make an API predictable, and each endpoint typically pairs with the HTTP methods it accepts, like GET or POST.
- ETag#
- An ETag (entity tag) is an opaque identifier a server returns in a response header to version a resource, typically a hash or revision of its JSON representation. Clients send it back in If-None-Match to revalidate a cache, receiving 304 Not Modified when unchanged, or in If-Match to make a write conditional. This supports optimistic concurrency, letting an update fail with 412 Precondition Failed if another client changed the resource first.
- GraphQL#
- GraphQL is a query language and runtime for APIs that lets a client request exactly the fields it needs in a single call, instead of fetching fixed resources from many endpoints. Requests and responses are JSON, with the returned data shaped to match the query. Developers adopt it to avoid over-fetching and under-fetching, and to evolve a strongly typed schema served from a single endpoint.→tsJSON to TypeScript
- gRPC#
- gRPC is a high-performance remote procedure call framework from Google that runs over HTTP/2 and serializes messages with Protocol Buffers by default rather than JSON. Its schema-driven binary encoding and bidirectional streaming make it popular for internal microservice communication, while gRPC-Web and JSON transcoding let browsers and REST clients interact using JSON. Compared with JSON REST APIs it trades human readability and ubiquity for speed and strong typing.
- HATEOAS#Hypermedia as the Engine of Application State · hypermedia
- HATEOAS (Hypermedia as the Engine of Application State) is a REST constraint in which responses include links telling a client which actions and resources are available next. A JSON representation of an order might embed links to cancel or pay it, so the client discovers navigation dynamically instead of hardcoding URLs. It marks the most mature level of REST but is rarely adopted in full in practice.
- HTTP method#HTTP verb · request method
- An HTTP (Hypertext Transfer Protocol) method, or verb, declares the action a request intends to perform on a resource: GET reads, POST creates, PUT and PATCH update, and DELETE removes. Web APIs use these methods to give the same endpoint URL different behaviours, with JSON commonly sent in the body of POST, PUT, and PATCH requests. Choosing the correct method keeps an API predictable and lets caches and proxies behave safely.
- HTTP status code#response code · status code
- An HTTP status code is a three-digit number a server returns to summarise a request's outcome: 2xx signals success, 3xx redirection, 4xx client errors like 404 Not Found, and 5xx server errors. JSON APIs pair the code with a response body that adds detail, such as a validation error object. Reading status codes correctly lets clients branch between success handling and error handling reliably.
- Idempotency key#
- An idempotency key is a unique client-generated token, sent in a request header, that lets a server deduplicate retried requests so a repeated call has the same effect as a single one. It matters for non-idempotent operations like a POST that creates a record or charges a payment, where a network retry could otherwise duplicate the action. The server stores the key with its first JSON response and replays that result for later requests bearing the same key.
- JSON-RPC#JSON Remote Procedure Call
- JSON-RPC (JSON Remote Procedure Call) is a lightweight protocol for calling named methods on a remote server using JSON messages. A request object names a method, supplies params, and carries an id that the server echoes back in its matching response. Unlike REST, it is action-oriented rather than resource-oriented, which suits internal services and blockchain nodes that expose function-style calls over a single endpoint.{ }JSON Formatter
- OpenAPI (Swagger)#Swagger · OpenAPI Specification · OAS
- OpenAPI, formerly known as Swagger, is a specification for describing a REST API in a single machine-readable document written in JSON or YAML. It defines endpoints, parameters, request and response schemas, and authentication, enabling generated documentation, client SDKs, and mock servers. Because its schemas mirror JSON Schema, teams use an OpenAPI file as the contract that keeps producers and consumers of a JSON API in sync.§JSON Schema Generator
- Pagination#paging
- Pagination is the practice of splitting a large collection into smaller pages so an API returns a manageable slice per request instead of every record at once. Common styles are offset-based, using page and limit parameters, and cursor-based, returning an opaque token for the next page. JSON responses usually wrap the items with metadata like total counts or next links so clients can iterate through the full set.
- Payload#request body · response body · message body
- A payload is the actual data carried in an HTTP request or response body, as opposed to the headers and metadata around it. In JSON APIs the payload is a JSON document — the object a client POSTs to create a record, or the array a server returns. Developers care about payload size and shape because smaller, well-structured payloads parse faster and validate more easily; minifying JSON trims bytes on the wire.≡→JSON Minifier{ }JSON Formatter
- Problem Details#application/problem+json · RFC 9457
- Problem Details is a standard JSON structure for reporting HTTP API errors, defined by RFC 9457 (which obsoleted RFC 7807) and carried with the media type application/problem+json. A problem object uses agreed members — type, title, status, detail, and instance — plus any custom fields, so clients handle failures uniformly instead of parsing ad-hoc error shapes. It conveys machine-readable and human-readable error information in one payload.
- Rate limiting#
- Rate limiting caps how many requests a client may make to an API within a given window, protecting the service from overload and abuse. Servers commonly reject excess calls with HTTP 429 Too Many Requests and a JSON error body, advertising the policy through headers such as RateLimit-Limit, RateLimit-Remaining, and Retry-After. Clients cope by reading those headers and backing off, ideally with exponential backoff and jitter.
- REST API#RESTful API · REST
- A REST (Representational State Transfer) API is a web API style that models data as resources addressed by URLs and manipulated with standard HTTP methods. Responses are typically JSON representations of those resources, and each request is stateless, carrying all the context it needs. RESTful design is popular because it maps cleanly onto HTTP, caches well, and is simple for clients to consume.{ }JSON Formatter
- Server-Sent Events#SSE
- Server-Sent Events (SSE) is a browser standard for a server to push a one-way stream of text events to a client over a single long-lived HTTP connection, consumed through the EventSource API. Each event is a small text block, and applications typically place a JSON document in its data field. It suits live feeds such as notifications or token-by-token model output, and is simpler than WebSockets when only server-to-client updates are needed.
- Webhook#HTTP callback · reverse API
- A webhook is a reverse API in which a server sends an HTTP request to a URL you register whenever an event occurs, rather than waiting for you to poll. The event data arrives as a JSON payload that your endpoint must accept and process quickly. Webhooks power real-time integrations like payment notifications and CI alerts; developers usually verify a signature header to confirm the sender is genuine.◌Mock JSON Data Generator
Encoding, Numbers & Dates
Character encoding, numbers, and dates — the details that trip people up in JSON.
- Base64#base-64
- Base64 is a binary-to-text encoding that maps arbitrary bytes onto 64 printable ASCII characters (A–Z, a–z, 0–9, plus, slash), typically padding the output with equals signs. Since JSON has no binary type, developers embed images, files, or cryptographic blobs as base64 strings inside JSON fields. The trade-off is roughly 33 percent size growth and the cost of encoding and decoding on both ends.{ }JSON Formatter
- Base64url#base64url encoding · URL-safe base64
- Base64url is a variant of base64 that replaces the plus and slash characters with minus and underscore, and usually drops the trailing equals padding, so the result is safe in URLs and filenames without further escaping. JSON Web Tokens encode their header, payload, and signature using base64url. Decoders often must re-add padding before standard base64 libraries will accept the input.⬡JWT Decoder
- Byte Order Mark#BOM · U+FEFF
- A byte order mark is the Unicode character U+FEFF, sometimes written at the very start of a text file to signal its encoding or endianness. RFC 8259 forbids adding a BOM to JSON and allows parsers to ignore one rather than treat it as an error. A stray UTF-8 BOM (bytes EF BB BF) is a common cause of parse failures, since many strict parsers see it as an unexpected leading character.✓JSON Validator{ }JSON Formatter
- IEEE 754 double-precision#IEEE 754 · double · binary64
- IEEE 754 double-precision is a 64-bit binary floating-point format using one sign bit, eleven exponent bits, and fifty-two fraction bits, and it is how most JSON parsers represent numbers. Because it stores values in binary, common decimals like 0.1 cannot be represented exactly, producing small rounding artifacts. The format also gives only about fifteen to seventeen significant decimal digits, which limits the precision of any JSON number a typical parser can round-trip.✓JSON Validator
- Integer precision loss#big integer problem · number precision loss
- Integer precision loss happens when a JSON integer exceeds the range that IEEE 754 double-precision can hold exactly, which is 2^53 minus 1 (Number.MAX_SAFE_INTEGER in JavaScript). Beyond that, values like large database IDs or Twitter snowflake identifiers silently round to a nearby representable number. The JSON grammar permits arbitrarily large integers, so the safe practice is to transmit big numbers as quoted strings and parse them with a big-integer library.✓JSON Validator→tsJSON to TypeScript
- ISO 8601 date string#ISO 8601 · RFC 3339 timestamp
- ISO 8601 is an international standard for representing dates and times as text, for example 2026-07-12T14:30:00Z, with an optional offset or a trailing Z denoting UTC. Because JSON lacks a date type, ISO 8601 strings are the most common way to carry timestamps, and the closely related RFC 3339 profile is what JSON Schema's date-time format validates. The format sorts lexicographically in chronological order, which simplifies comparison and range queries.§JSON Schema Generator✓JSON Validator
- Line separator characters#
- U+2028 (line separator) and U+2029 (paragraph separator) are Unicode characters that are valid unescaped inside JSON strings but were, before ECMAScript 2019, illegal in JavaScript string literals. This mismatch meant JSON embedded directly into a script — as in older JSONP — could throw a syntax error, so serializers often escape them as and . Escaping them remains a safe habit when injecting JSON into HTML or JavaScript.\"JSON Escape / Unescape
- NaN and Infinity#not a number · non-finite numbers
- NaN (not a number) and positive or negative Infinity are special IEEE 754 floating-point values that arise from operations like dividing by zero. The JSON grammar has no way to write them, so RFC 8259 excludes them entirely and standard parsers reject or refuse to emit them. Serializers commonly substitute null, throw an error, or use nonstandard extensions, making non-finite numbers a recurring cross-language interoperability hazard.✓JSON Validator
- No native date type#JSON has no date type
- JSON defines only strings, numbers, booleans, null, objects, and arrays, so it has no dedicated type for dates or times. Applications must encode temporal values by convention, most often as an ISO 8601 string or a numeric Unix timestamp, and agree on that convention at both ends. This absence means a parser cannot automatically revive a date, and mismatched assumptions about format or time zone are a frequent interoperability bug.§JSON Schema Generator→tsJSON to TypeScript
- Number canonicalization#canonical number form · number normalization
- Number canonicalization is the process of reducing numeric values to a single agreed textual form, for example stripping leading zeros, normalizing exponents, and fixing digit counts, so that equal numbers serialize identically. JSON's grammar allows many spellings of the same value, such as 1, 1.0, and 1e0, which parse equal but differ as text. Canonical forms matter for digital signatures, hashing, and reliable diffing, where byte-level stability is required.±JSON Diff / Compare{ }JSON Formatter
- Percent encoding#URL encoding · percent-encoding
- Percent encoding represents reserved or non-ASCII characters in a URL as a percent sign followed by two hexadecimal digits, for example a space as %20. When JSON is passed through a query string or form field, the whole payload is often percent-encoded so that braces, quotes, and Unicode survive transport. This is a URL-layer concern distinct from JSON's own string escaping, and double-encoding is a common bug.\"JSON Escape / Unescape
- Surrogate pair#UTF-16 surrogate
- A surrogate pair is two 16-bit code units, a high surrogate (U+D800–U+DBFF) followed by a low surrogate (U+DC00–U+DFFF), that together encode one Unicode code point above U+FFFF such as an emoji. In JSON, characters outside the Basic Multilingual Plane are escaped as two consecutive \u sequences forming a surrogate pair. Unpaired or reversed surrogates produce invalid strings, a frequent source of corruption when data is sliced or re-encoded.\"JSON Escape / Unescape✓JSON Validator
- Unicode code point#code point
- A Unicode code point is a single numeric value in the range U+0000 to U+10FFFF that identifies one abstract character in the Unicode standard. JSON strings are sequences of code points, and any code point may appear either literally or as a \u escape. Because code points above U+FFFF cannot fit in one 16-bit unit, they require careful handling in escapes and in languages that expose strings as UTF-16.\"JSON Escape / Unescape
- Unix epoch timestamp#epoch time · Unix time · POSIX time
- A Unix epoch timestamp is a number counting the seconds (or milliseconds) elapsed since midnight UTC on 1 January 1970, ignoring leap seconds. Stored as a plain JSON number, it is compact, time-zone-neutral, and trivial to compare or sort. Developers must document whether the unit is seconds or milliseconds, since mixing them is a common error, and very large millisecond values remain well within IEEE 754's safe integer range.
- UTF-8#UTF8 · Unicode Transformation Format 8-bit
- UTF-8 is a variable-width character encoding that represents every Unicode code point using one to four bytes, remaining backward compatible with ASCII in its single-byte range. RFC 8259 mandates UTF-8 as the default encoding for JSON exchanged between systems, so parsers and generators can assume it unless told otherwise. Emitting JSON in any other encoding breaks interoperability, which is why most APIs, files, and HTTP bodies standardize on UTF-8.✓JSON Validator
Tokens, Auth & Security
JSON in authentication tokens, and the vulnerabilities to guard against.
- Bearer token#
- A bearer token is a credential whose mere possession grants access; the holder is authorized without proving anything further, as in the HTTP header Authorization: Bearer <token>. JWTs are frequently used as bearer tokens in OAuth 2.0 and API authentication. Because a stolen bearer token is fully usable by an attacker, always transmit it over TLS, keep lifetimes short, and avoid storing it where scripts or logs can leak it.⬡JWT Decoder
- Claim#
- A claim is a single piece of information asserted about a subject inside a JWT payload, expressed as one JSON name/value pair such as "sub": "user-123". Claims fall into registered, public, and private categories. Applications read claims to make authorization decisions, but must first verify the token's signature and validate time-based and audience claims, since a decoded but unverified claim is only an unproven assertion.⬡JWT Decoder
- Deeply nested JSON denial of service#JSON parser DoS
- A deeply nested or oversized JSON payload can cause denial of service by exhausting memory or the call stack during parsing, since naive recursive parsers may overflow on thousands of nested arrays or objects. Related attacks include huge numeric values, enormous strings, and hash-collision key sets. Mitigations include capping input size, limiting nesting depth, enforcing parse timeouts, and validating structure before fully deserializing untrusted input.✓JSON Validator
- HS256 vs RS256#HMAC vs RSA signing
- HS256 and RS256 are the two most common JWT signing algorithms. HS256 uses HMAC with SHA-256 and a single shared secret, so any party that can verify a token can also mint one, making it best for trusted first-party services. RS256 uses RSA with SHA-256: the issuer signs with a private key and others verify with a public key, suiting distributed systems. Never let a token's header downgrade RS256 to HS256 or "none".⬡JWT Decoder
- JSON hijacking#
- JSON hijacking is a largely historical attack in which a malicious page loads a sensitive JSON endpoint via a script tag and captures the data by overriding Array or Object constructors, exploiting the fact that a top-level JSON array was once executable as JavaScript. Modern browsers closed the loophole; defenses include requiring non-GET methods, checking CSRF tokens, and prefixing responses with a guard such as )]}',. It chiefly concerns legacy systems.
- JSON injection#
- JSON injection is a vulnerability where untrusted input is inserted into a JSON document or query without proper encoding, letting an attacker alter its structure. It can add or overwrite fields, break out of a string value, or smuggle operators into a NoSQL query that consumes JSON. Prevention relies on serializing with a real JSON library rather than string concatenation, validating against a schema, and treating all client-supplied JSON as untrusted.✓JSON Validator§JSON Schema Generator
- JSON Web Encryption (JWE)#JWE
- JSON Web Encryption (JWE), defined in RFC 7516, is the standard for encrypting content so only intended recipients can read it, unlike a signed JWT whose payload is merely encoded. A JWE has five parts in compact form — protected header, encrypted key, initialization vector, ciphertext, and authentication tag. Use JWE when tokens carry sensitive data that must stay confidential in transit or at rest, accepting the added size and processing cost.⬡JWT Decoder
- JSON Web Key (JWK)#JWK · JWKS
- A JSON Web Key (JWK) is a JSON object representing a cryptographic key, with members like "kty", "alg", "use", and "kid" plus the key material. A collection of them forms a JWK Set (JWKS), the JSON document servers publish at a well-known endpoint so clients can fetch public keys and verify JWT signatures. Matching a token's "kid" header to a JWKS entry enables seamless key rotation without redeploying verifiers.⬡JWT Decoder
- JSON Web Signature (JWS)#JWS
- JSON Web Signature (JWS), defined in RFC 7515, is the standard for signing content so recipients can verify its integrity and origin. A signed JWT is technically a JWS in compact serialization, but JWS also offers a JSON serialization that can hold multiple signatures over one payload. The protected header, payload, and signature are its core pieces. Developers rely on JWS wherever tamper-evident, though not necessarily secret, JSON messages are exchanged.⬡JWT Decoder
- JSON Web Token (JWT)#JWT
- A JSON Web Token (JWT) is a compact, URL-safe format for carrying claims as a signed or encrypted token passed between parties. It consists of three Base64url-encoded segments — header, payload, and signature — joined by dots. The payload is ordinary JSON, so a decoded JWT is human-readable but not confidential unless encrypted. Developers use JWTs for stateless authentication and authorization, and must verify the signature before trusting any claim inside.⬡JWT Decoder
- JWT header#
- The JWT header is the first segment of a JSON Web Token: a small JSON object, Base64url-encoded, that describes how the token is secured. It typically carries "alg", naming the signing or encryption algorithm, and "typ", usually set to JWT. It may also include "kid" to identify which key verifies the signature. Because an attacker can rewrite an unverified header, servers must pin expected algorithms rather than trusting the header's "alg" value blindly.⬡JWT Decoder
- JWT payload#Claims set
- The JWT payload is the middle segment of a JSON Web Token, a Base64url-encoded JSON object holding the claims about a subject, such as identity, roles, and expiry. Encoding is not encryption, so anyone holding the token can read the payload; never place passwords or secrets there. Keep payloads small since they travel in every request, and always validate claims server-side after verifying the signature.⬡JWT Decoder
- JWT signature#
- The JWT signature is the third segment of a JSON Web Token, computed over the encoded header and payload to prove integrity and authenticity. HMAC algorithms use a shared secret, while RSA or ECDSA use a private key verified by a public key. Servers must recompute and compare the signature before trusting any claim, and reject tokens whose header requests the "none" algorithm — a classic bypass that skips verification entirely.⬡JWT Decoder
- Mass assignment#over-posting
- Mass assignment, also called over-posting, is a vulnerability where a framework automatically binds every field of an incoming JSON request body onto an internal object or database record, letting an attacker set fields they should not control, such as isAdmin or a price. The fix is to bind only an explicit allowlist of properties, use a dedicated input type, and validate the body against a strict schema that forbids unexpected keys.✓JSON Validator
- OAuth 2.0#OAuth2
- OAuth 2.0 is an authorization framework (RFC 6749) that lets an application obtain limited access to a resource on a user's behalf without handling their password. The user authorizes a client, which receives an access token — often a JSON Web Token — to call protected APIs. OAuth handles authorization, not authentication of identity; OpenID Connect layers that on top. Correctly validating token scopes and audiences prevents over-broad access.⬡JWT Decoder
- OpenID Connect#OIDC
- OpenID Connect (OIDC) is an identity layer built on OAuth 2.0 that adds authenticated login to the authorization flow. Alongside an access token, the provider issues an ID token — a JWT whose claims (sub, iss, aud, exp, nonce) describe the authenticated user. Relying parties must verify the ID token's signature and claims against the provider's published JWKS. OIDC standardizes single sign-on across web, mobile, and API clients.⬡JWT Decoder
- Prototype pollution#__proto__ pollution
- Prototype pollution is a JavaScript vulnerability where attacker-controlled keys like __proto__, constructor, or prototype in parsed JSON are merged into Object.prototype, affecting every object at runtime. Deep-merge and clone utilities applied to untrusted request bodies are common entry points, enabling denial of service, property tampering, or even remote code execution. Defenses include rejecting dangerous keys, using Map or null-prototype objects, and validating input against a strict schema.✓JSON Validator
- Registered claims (exp, iss, aud)#Reserved claims
- Registered claims are the standardized, reserved JWT claim names defined in RFC 7519, giving interoperable meaning to common fields. Key examples include exp (expiration time), iss (issuer), aud (audience), sub (subject), nbf (not before), iat (issued at), and jti (token identifier). Validating exp, iss, and aud on every request is essential; skipping them lets expired, foreign, or misdirected tokens pass as valid.⬡JWT Decoder
Related Data Formats & Storage
Neighbouring data formats and the databases where JSON is stored.
- Apache Arrow#
- Apache Arrow is a language-independent columnar in-memory format for representing tabular data efficiently and sharing it between processes without serialization or copying. Unlike row-oriented JSON, it stores each column contiguously, enabling vectorized analytics and zero-copy transfer across engines and languages. Semi-structured JSON is often parsed and loaded into Arrow for fast processing, and Arrow complements on-disk formats like Parquet in modern data pipelines.
- Apache Avro#Avro
- Apache Avro is a binary serialization system that stores its schema alongside the data, often expressed in JSON itself. Widely used in the Hadoop and Kafka ecosystems, it supports schema evolution so readers and writers can use different schema versions. Because the Avro schema is defined in JSON, developers routinely work with JSON when declaring record structures, even though the encoded data payload is compact binary.
- Apache Parquet#Parquet
- Apache Parquet is a columnar binary storage format optimized for analytical queries over large datasets. Instead of storing rows together like JSON or CSV, it groups values by column, enabling efficient compression and column pruning in data lakes and warehouses. Semi-structured JSON is frequently flattened and loaded into Parquet for analytics, since Parquet's schema and column orientation suit aggregation far better than row-based JSON.
- CSV#Comma-Separated Values
- CSV (Comma-Separated Values) is a plain-text tabular format where each line is a row and fields are separated by commas. Unlike JSON, it has no native support for nested structures, types, or arrays, so converting JSON to CSV requires flattening objects into columns. It remains the lingua franca for spreadsheets and data exports, making JSON-to-CSV and CSV-to-JSON conversion common integration tasks.→csvJSON to CSVcsv→CSV to JSON
- Denormalization#
- Denormalization is the practice of duplicating related data into a single record to avoid joins and speed up reads. In document databases, this means embedding nested objects and arrays directly inside a JSON document rather than referencing separate collections. It trades storage and update complexity for faster, single-read access, and is a defining pattern in how JSON documents are modeled compared to normalized relational tables.
- Document (MongoDB sense)#BSON document
- In MongoDB, a document is a single record stored as a set of field-value pairs, conceptually a JSON object but persisted internally as BSON, a binary-encoded superset of JSON. Documents live inside collections and can contain nested subdocuments and arrays, plus extended types like dates and ObjectIds not present in plain JSON. Developers read and write them using JSON-like syntax in queries and drivers.✓JSON Validator
- Document database#document store · document-oriented database
- A document database is a type of NoSQL store that keeps data as self-contained documents, typically JSON or the binary BSON variant, rather than in rows and tables. Each document holds nested fields and arrays, so related data lives together and can be retrieved in one read. MongoDB, Couchbase, and Firestore are common examples, and their query languages operate directly on JSON-shaped structures.
- Flattening nested data#JSON flattening
- Flattening is the process of converting hierarchical JSON objects and arrays into a flat set of columns suitable for tabular formats like CSV, spreadsheets, or SQL tables. Nested keys are typically joined with dot or underscore notation, such as address.city becoming address_city, while arrays may be expanded into multiple rows or indexed columns. It is a required step whenever nested JSON must feed row-and-column analytics tools.→csvJSON to CSV$.JSONPath / JQ Tester
- HOCON#Human-Optimized Config Object Notation
- HOCON (Human-Optimized Config Object Notation) is a configuration format, originating in the Lightbend/Akka ecosystem, that is a superset of JSON designed to be easier to write. It adds comments, optional quotes and commas, unquoted and dotted-path keys, file includes, and value substitutions, while any valid JSON is also valid HOCON. Parsers resolve it down to a plain JSON-like tree, so applications consume ordinary structured data after loading.
- Key-value store#key-value database · KV store
- A key-value store is a database that maps unique keys to opaque values, offering extremely fast lookups by key with a minimal data model. The value can be a simple string or a serialized JSON blob, letting applications store structured objects under a single key. Redis, DynamoDB, and etcd are widely used examples, often serving as caches or session stores for JSON-serialized state.
- NoSQL#Not Only SQL
- NoSQL (Not Only SQL) refers to a broad class of non-relational databases that trade rigid table schemas for flexible data models and horizontal scalability. Categories include document, key-value, column-family, and graph stores. Many NoSQL systems use JSON or JSON-like structures as their native data model, letting developers store and query nested objects directly without mapping them to relational tables.
- Protocol Buffers#protobuf
- Protocol Buffers (protobuf) is a binary serialization format from Google that encodes structured data using a predefined schema written in .proto files. Compared to JSON, it produces smaller payloads and faster parsing, making it popular for internal microservice communication and gRPC. Fields are identified by numeric tags rather than names, so the schema is required to decode messages, unlike self-describing JSON.
- Schema evolution#
- Schema evolution is the disciplined practice of changing a data format's schema over time while keeping producers and consumers on different versions interoperable. Backward-compatible changes let new code read old data, and forward-compatible changes let old code read new data, typically by adding optional fields, supplying defaults, and never repurposing identifiers. Binary formats like Avro and Protocol Buffers formalize it, but JSON APIs face the same concern when adding or renaming fields.
- Schema-on-read#
- Schema-on-read is a data-handling approach where raw data is stored without a predefined structure and interpreted only when it is queried. It contrasts with schema-on-write, where structure is enforced at insertion time. JSON and document databases naturally fit this model, since arbitrary nested documents can be stored first and their shape validated or projected later, giving flexibility at the cost of read-time parsing.§JSON Schema Generator
- TOML#Tom's Obvious Minimal Language
- TOML (Tom's Obvious Minimal Language) is a configuration file format designed to be easy to read with clear semantics that map unambiguously to a hash table. It uses key-value pairs grouped into named sections and has explicit types for dates, integers, and strings. Popular in the Rust and Python ecosystems for files like Cargo.toml and pyproject.toml, it maps cleanly to and from JSON data structures.
- TSV#Tab-Separated Values
- TSV (Tab-Separated Values) is a tabular text format identical in structure to CSV but delimited by tab characters instead of commas. Because tabs rarely appear inside field values, TSV often avoids the quoting and escaping complications that commas cause in CSV. Developers exporting JSON data to spreadsheets or data-analysis pipelines sometimes prefer TSV, though both require flattening nested JSON into flat rows and columns.→csvJSON to CSV
- XML#Extensible Markup Language
- XML (Extensible Markup Language) is a verbose, tag-based markup format for structured data, once dominant in web services and enterprise systems. It supports attributes, namespaces, and schema validation via XSD, but its verbosity made JSON the preferred choice for most modern APIs. Converting between the two is common when integrating legacy SOAP services or document standards with JSON-based applications.⇄xmlJSON ⇄ XML
- YAML#YAML Ain't Markup Language
- YAML (YAML Ain't Markup Language) is a human-readable data serialization format that uses indentation instead of braces and brackets. It is a superset of JSON, meaning any valid JSON is also valid YAML, but YAML adds comments, anchors, and multi-line strings. Developers favor it for configuration files where readability matters, and frequently convert between JSON and YAML when moving between APIs and config systems.⇄ymlJSON ⇄ YAML