Sample tokens and auth mistakes that appear in production APIs.
Expired Token
JWT payload with an expiration timestamp in the past.
Missing Bearer Prefix
Raw JWT value sent without the required Bearer prefix.
Audience Mismatch
Token is structurally valid but the aud claim is incorrect.