diff --git a/dbi/jwt.go b/dbi/jwt.go
new file mode 100644
index 0000000..7f046ae
--- /dev/null
+++ b/dbi/jwt.go
@@ -0,0 +1,18 @@
+package dbi
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func GenJWT(user User) (string, error) {
+	now := time.Now()
+	claims := jwt.MapClaims{
+		"sub": user.Username,
+		"iat": now.Unix(),
+		"exp": now.Add(time.Hour).Unix(),
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(user.APIKey))
+}
diff --git a/go.mod b/go.mod
index c5ea373..e2f99ae 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.26
 
 require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
diff --git a/main.go b/main.go
index c379128..3768235 100644
--- a/main.go
+++ b/main.go
@@ -59,7 +59,13 @@ func handleLoginPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	writeHTML(w, pages.MainFormPage)
+	token, err := dbi.GenJWT(user)
+	if err != nil {
+		fail()
+		return
+	}
+
+	writeHTML(w, pages.MainFormPage(token))
 }
 
 func main() {
diff --git a/pages/main_form_page.go b/pages/main_form_page.go
index 56fcca5..d70406d 100644
--- a/pages/main_form_page.go
+++ b/pages/main_form_page.go
@@ -1,12 +1,16 @@
 package pages
 
-const MainFormPage = `<!DOCTYPE html>
+import "fmt"
+
+func MainFormPage(jwtToken string) string {
+	return fmt.Sprintf(`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Faculty Activity Report</title>
     <link rel="stylesheet" href="https://unpkg.com/rivet-core@2/css/rivet.min.css">
+    <script>var JWT = "%s";</script>
 </head>
 <body>
         <header class="rvt-header-wrapper">
@@ -293,4 +297,5 @@ const MainFormPage = `<!DOCTYPE html>
     });
     </script>
 </body>
-</html>`
+</html>`, jwtToken)
+}