Comparative Analysis of Performance and Security Static and Dynamic JSON Web Token (JWT)

Authors

  • Rizky Parlika, Universitas Pembangunan Nasional “Veteran” Jawa Timur
  • Muhammad Romi Nasution, Universitas Pasir Pengaraian
  • Dino Rosanilo Yuswanto, Universitas Pembangunan Nasional “Veteran” Jawa Timur

DOI:

https://doi.org/10.66485/jsti.v1i2.20

Keywords:

JSON Web Token; Performance; REST API

Abstract

Rapidly evolving technology demands a secure and efficient authentication mechanism for exchanging information between users and servers. One of the most common authentication methods used in REST APIs is JSON Web Token (JWT), due to its stateless and lightweight nature. However, a static JWT implementation has a weakness: a previously issued token can be used in other contexts, such as other devices or other IP addresses. This can lead to token misuse and, in turn, data leakage. This study compares the performance and security aspects of static JWT and dynamic JWT in REST APIs built with the PHP Laravel framework. Test results show no significant difference in performance between the static and dynamic JWT implementations. However, dynamic JWT excels in security because it is able to detect unauthorized access attempts through context mismatch.

Published

2026-04-30

Section

Articles