Skip to content
🔑 Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.
Branch: master
Clone or download
Latest commit 10b7994 Aug 8, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore usual suspects Jan 9, 2018
LICENSE usual suspects Jan 9, 2018 added more tests Aug 8, 2018
branca.go gofmt move package comment Aug 8, 2018


Build Status Go Report Card GoDoc

branca is a secure alternative to JWT, This implementation is written in pure Go (no cgo dependencies) and implements the branca token specification.


Go 1.5 and beyond.


go get -u


package main

import (

func main() {
	b := branca.NewBranca("supersecretkeyyoushouldnotcommit") // This key must be exactly 32 bytes long.
	// Encode String to Branca Token.
	token, err := b.EncodeToString("Hello world!")
	if err != nil {
    //b.SetTTL(3600) // Uncomment this to set an expiration (or ttl) of the token (in seconds).
    //token = "87y8daMzSkn7PA7JsvrTT0JUq1OhCjw9K8w2eyY99DKru9FrVKMfeXWW8yB42C7u0I6jNhOdL5ZqL" // This token will be not allowed if a ttl is set.
	// Decode Branca Token.
	message, err := b.DecodeToString(token)
	if err != nil {
		fmt.Println(err) // token is expired.
	fmt.Println(token) // 87y8da....
	fmt.Println(message) // Hello world!


Here are a few things that need to be done:

  • Remove cgo dependencies.
  • Move to a pure XChaCha20 algorithm in Go.
  • Add more tests than just acceptance tests.
  • Increase test coverage.
  • Additional Methods. (Encode, Decode []byte)
  • Performance benchmarks.
  • More comments, examples and documentation.


Contributions are welcome! Fork this repo and add your changes and submit a PR.

If you would like to fix a bug, add a feature or provide feedback you can do so in the issues section.

You can run tests by runnning go test. Running go test; go vet; golint is recommended.



You can’t perform that action at this time.