APIVerve
APIVerveDocumentation
Ctrl+K
apiverve

JWT DecoderJWT Decoder API

OnlineCredit Usage:1 per callRefreshed 1 month ago
avg: 219ms|p50: 207ms|p75: 227ms|p90: 251ms|p99: 298ms

JWT Decoder decodes JWT tokens to reveal header and payload information without performing signature verification.

The JWT Decoder API provides reliable and fast access to jwt decoder data through a simple REST interface. Built for developers who need consistent, high-quality results with minimal setup time.

To use JWT Decoder, you need an API key. You can get one by creating a free account and visiting your dashboard.

POST Endpoint

URL
https://api.apiverve.com/v1/jwtdecoder

Code Examples

Here are examples of how to call the JWT Decoder API in different programming languages:

cURL Request
curl -X POST \
  "https://api.apiverve.com/v1/jwtdecoder" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}'
JavaScript (Fetch API)
const response = await fetch('https://api.apiverve.com/v1/jwtdecoder', {
  method: 'POST',
  headers: {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
})
});

const data = await response.json();
console.log(data);
Python (Requests)
import requests

headers = {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
}

payload = {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}

response = requests.post('https://api.apiverve.com/v1/jwtdecoder', headers=headers, json=payload)

data = response.json()
print(data)
Node.js (Native HTTPS)
const https = require('https');
const url = require('url');

const options = {
  method: 'POST',
  headers: {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
  }
};

const postData = JSON.stringify({
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
});

const req = https.request('https://api.apiverve.com/v1/jwtdecoder', options, (res) => {
  let data = '';
  res.on('data', (chunk) => data += chunk);
  res.on('end', () => console.log(JSON.parse(data)));
});

req.write(postData);
req.end();
PHP (cURL)
<?php

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.apiverve.com/v1/jwtdecoder');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-API-Key: your_api_key_here',
    'Content-Type: application/json'
]);

curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode({
    'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
}));

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

?>
Go (net/http)
package main

import (
    "fmt"
    "io"
    "net/http"
    "bytes"
    "encoding/json"
)

func main() {
    payload := map[string]interface{}{
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
    }

    jsonPayload, _ := json.Marshal(payload)
    req, _ := http.NewRequest("POST", "https://api.apiverve.com/v1/jwtdecoder", bytes.NewBuffer(jsonPayload))

    req.Header.Set("X-API-Key", "your_api_key_here")
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, _ := io.ReadAll(resp.Body)
    fmt.Println(string(body))
}
Ruby (Net::HTTP)
require 'net/http'
require 'json'

uri = URI('https://api.apiverve.com/v1/jwtdecoder')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

payload = {
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}

request = Net::HTTP::Post.new(uri)
request['X-API-Key'] = 'your_api_key_here'
request['Content-Type'] = 'application/json'

request.body = payload.to_json

response = http.request(request)
puts JSON.pretty_generate(JSON.parse(response.body))
C# (HttpClient)
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        using var client = new HttpClient();
        client.DefaultRequestHeaders.Add("X-API-Key", "your_api_key_here");

        var jsonContent = @"{
        ""token"": ""eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c""
}";
        var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");

        var response = await client.PostAsync("https://api.apiverve.com/v1/jwtdecoder", content);
        response.EnsureSuccessStatusCode();

        var responseBody = await response.Content.ReadAsStringAsync();
        Console.WriteLine(responseBody);
    }
}

Authentication

The JWT Decoder API requires authentication via API key. Include your API key in the request header:

Required Header
X-API-Key: your_api_key_here

Learn more about authentication →

Interactive API Playground

Test the JWT Decoder API directly in your browser with live requests and responses.

Try JWT Decoder APIView details and test in the API marketplace

Parameters

The following parameters are available for the JWT Decoder API:

Decode JWT Token

ParameterTypeRequiredDescriptionDefaultExample
tokenstringrequired
JWT token to decode
-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Response

The JWT Decoder API returns responses in JSON, XML, YAML, and CSV formats:

Example Responses

JSON Response
200 OK
{
  "status": "ok",
  "error": null,
  "data": {
    "header": {
      "alg": "HS256",
      "typ": "JWT"
    },
    "payload": {
      "sub": "1234567890",
      "name": "John Doe",
      "iat": 1516239022
    },
    "signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "isExpired": false,
    "expiresAt": null,
    "issuedAt": "2018-01-18T01:30:22.000Z",
    "tokenAge": "2557 days",
    "warning": "This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation."
  }
}
XML Response
200 OK
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>ok</status>
  <error xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  <data>
    <header>
      <alg>HS256</alg>
      <typ>JWT</typ>
    </header>
    <payload>
      <sub>1234567890</sub>
      <name>John Doe</name>
      <iat>1516239022</iat>
    </payload>
    <signature>SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c</signature>
    <isExpired>false</isExpired>
    <expiresAt xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    <issuedAt>2018-01-18T01:30:22.000Z</issuedAt>
    <tokenAge>2557 days</tokenAge>
    <warning>This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation.</warning>
  </data>
</response>
YAML Response
200 OK
status: ok
error: null
data:
  header:
    alg: HS256
    typ: JWT
  payload:
    sub: '1234567890'
    name: John Doe
    iat: 1516239022
  signature: SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
  isExpired: false
  expiresAt: null
  issuedAt: '2018-01-18T01:30:22.000Z'
  tokenAge: 2557 days
  warning: >-
    This API only decodes JWT tokens. It does NOT verify signatures. Do not use
    for security validation.
CSV Response
200 OK
keyvalue
header{alg:HS256,typ:JWT}
payload{sub:1234567890,name:John Doe,iat:1516239022}
signatureSflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
isExpiredfalse
expiresAt
issuedAt2018-01-18T01:30:22.000Z
tokenAge2557 days
warningThis API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation.

Response Structure

All API responses follow a consistent structure with the following fields:

FieldTypeDescriptionExample
statusstringIndicates whether the request was successful ("ok") or failed ("error")ok
errorstring | nullContains error message if status is "error", otherwise nullnull
dataobject | nullContains the API response data if successful, otherwise null{...}

Learn more about response formats →

Response Data Fields

When the request is successful, the data object contains the following fields:

Response fields marked with Premium are available exclusively on paid plans.View pricing
FieldTypeSample ValueDescription
headerobject{...}-
â”” algstring"HS256"-
â”” typstring"JWT"-
payloadobject{...}-
â”” substring"1234567890"-
â”” namestring"John Doe"-
â”” iatnumber1516239022-
signaturestring"SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"-
isExpiredbooleanfalse-
expiresAtobjectnull-
issuedAtstring"2018-01-18T01:30:22.000Z"ISO timestamp of when the token was issued (from iat claim)
tokenAgePremiumstring"2557 days"Human-readable age of the token
warningstring"This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation."-

Headers

Required and optional headers for JWT Decoder API requests:

Header NameRequiredExample ValueDescription
X-API-Keyrequiredyour_api_key_hereYour APIVerve API key. Found in your dashboard under API Keys.
Acceptoptionalapplication/jsonSpecify response format: application/json (default), application/xml, or application/yaml
User-AgentoptionalMyApp/1.0Identifies your application for analytics and debugging purposes
X-Request-IDoptionalreq_123456789Custom request identifier for tracking and debugging requests
Cache-Controloptionalno-cacheControl caching behavior for the request and response

Learn more about request headers →

GraphQL AccessALPHA

Access JWT Decoder through GraphQL to combine it with other API calls in a single request. Query only the jwt decoder data you need with precise field selection, and orchestrate complex data fetching workflows.

Test JWT Decoder in the GraphQL Explorer to confirm availability and experiment with queries.

Credit Cost: Each API called in your GraphQL query consumes its standard credit cost.

GraphQL Endpoint
POST https://api.apiverve.com/v1/graphql
GraphQL Query Example
query {
  jwtdecoder(
    input: {
      token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
    }
  ) {
    header {
      alg
      typ
    }
    payload {
      sub
      name
      iat
    }
    signature
    isExpired
    expiresAt
    issuedAt
    tokenAge
    warning
  }
}

Note: Authentication is handled via the x-api-key header in your GraphQL request, not as a query parameter.

CORS Support

The JWT Decoder API supports Cross-Origin Resource Sharing (CORS) with wildcard configuration, allowing you to call JWT Decoder directly from browser-based applications without proxy servers.

CORS HeaderValueDescription
Access-Control-Allow-Origin*Accepts requests from any origin
Access-Control-Allow-Methods*Accepts any HTTP method
Access-Control-Allow-Headers*Accepts any request headers

Browser Usage: You can call JWT Decoder directly from JavaScript running in the browser without encountering CORS errors. No proxy server or additional configuration needed.

Learn more about CORS support →

Rate Limiting

JWT Decoder API requests are subject to rate limiting based on your subscription plan. These limits ensure fair usage and maintain service quality for all JWT Decoder users.

PlanRate LimitDescription
Free5 requests/minHard rate limit enforced - exceeding will return 429 errors
StarterNo LimitProduction ready - standard traffic priority
ProNo LimitProduction ready - preferred traffic priority
MegaNo LimitProduction ready - highest traffic priority

Learn more about rate limiting →

Rate Limit Headers

When rate limits apply, each JWT Decoder response includes headers to help you track your usage:

HeaderDescription
X-RateLimit-LimitMaximum number of requests allowed per time window
X-RateLimit-RemainingNumber of requests remaining in the current window
X-RateLimit-ResetUnix timestamp when the rate limit window resets

Handling Rate Limits

Free Plan: When you exceed your rate limit, JWT Decoder returns a 429 Too Many Requests status code. Your application should implement appropriate backoff logic to handle this gracefully.

Paid Plans: No rate limiting or throttling applied. All paid plans (Starter, Pro, Mega) are production-ready.

Best Practices for JWT Decoder:

  • Monitor the rate limit headers to track your JWT Decoder usage (Free plan only)
  • Cache jwt decoder responses where appropriate to reduce API calls
  • Upgrade to Pro or Mega for guaranteed no-throttle JWT Decoder performance

Note: JWT Decoder rate limits are separate from credit consumption. You may have credits remaining but still hit rate limits when using JWT Decoder on Free tier.

Error Codes

The JWT Decoder API uses standard HTTP status codes to indicate success or failure:

CodeMessageDescriptionSolution
200OKRequest successful, data returnedNo action needed - request was successful
400Bad RequestInvalid request parameters or malformed requestCheck required parameters and ensure values match expected formats
401UnauthorizedMissing or invalid API keyInclude x-api-key header with valid API key from dashboard
403ForbiddenAPI key lacks permission or insufficient creditsCheck credit balance in dashboard or upgrade plan
429Too Many RequestsRate limit exceeded (Free: 5 req/min)Implement request throttling or upgrade to paid plan
500Internal Server ErrorServer error occurredRetry request after a few seconds, contact support if persists
503Service UnavailableAPI temporarily unavailableWait and retry, check status page for maintenance updates

Learn more about error handling →

Need help? Contact support with your X-Request-ID for assistance.

Integrate JWT Decoder with SDKs

Get started quickly with official JWT Decoder SDKs for your preferred language. Each library handles authentication, request formatting, and error handling automatically.

Available for Node.js, Python, C#/.NET, and Android/Java. All SDKs are open source and regularly updated.

NPMPyPINuGetSwaggerJitPackJitPack

Integrate JWT Decoder with No-Code API Tools

Connect the JWT Decoder API to your favorite automation platform without writing code. Build workflows that leverage jwt decoder data across thousands of apps.

Zapier
ZapierConnect JWT Decoder to 6,000+ apps
Make
MakeBuild visual jwt decoder workflows
Pipedream
PipedreamCode-friendly jwt decoder automation
n8n
n8nSelf-host your jwt decoder workflows
Power Automate
Power AutomateUse JWT Decoder in Microsoft 365

All platforms use your same API key to access JWT Decoder. Visit our integrations hub for step-by-step setup guides.

Frequently Asked Questions

How do I get an API key for JWT Decoder?
Sign up for a free account at dashboard.apiverve.com. Your API key will be automatically generated and available in your dashboard. The same key works for JWT Decoder and all other APIVerve APIs. The free plan includes 1,000 credits plus a 500 credit bonus.
How many credits does JWT Decoder cost?

Each successful JWT Decoder API call consumes credits based on plan tier. Check the pricing section above for the exact credit cost. Failed requests and errors don't consume credits, so you only pay for successful jwt decoder lookups.

Can I use JWT Decoder in production?

The free plan is for testing and development only. For production use of JWT Decoder, upgrade to a paid plan (Starter, Pro, or Mega) which includes commercial use rights, no attribution requirements, and guaranteed uptime SLAs. All paid plans are production-ready.

Can I use JWT Decoder from a browser?
Yes! The JWT Decoder API supports CORS with wildcard configuration, so you can call it directly from browser-based JavaScript without needing a proxy server. See the CORS section above for details.
What happens if I exceed my JWT Decoder credit limit?

When you reach your monthly credit limit, JWT Decoder API requests will return an error until you upgrade your plan or wait for the next billing cycle. You'll receive notifications at 80% and 95% usage to give you time to upgrade if needed.

What's Next?

Continue your journey with these recommended resources

Browse All APIs

Explore our complete catalog of APIs

Authentication Guide

Learn about API keys and security

Rate Limits

Understand usage limits and best practices

Was this page helpful?