JWT Decoder API
Overview
To use JWT Decoder, you need an API key. You can get one by creating a free account and visiting your dashboard.
POST Endpoint
https://api.apiverve.com/v1/jwtdecoderExample
How to call the JWT Decoder API in different programming languages.
curl -X POST \
"https://api.apiverve.com/v1/jwtdecoder" \
-H "X-API-Key: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}'const response = await fetch('https://api.apiverve.com/v1/jwtdecoder', {
method: 'POST',
headers: {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
})
});
const data = await response.json();
console.log(data);import requests
headers = {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
payload = {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
response = requests.post('https://api.apiverve.com/v1/jwtdecoder', headers=headers, json=payload)
data = response.json()
print(data)package main
import (
"fmt"
"io"
"net/http"
"bytes"
"encoding/json"
)
func main() {
payload := map[string]interface{}{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
jsonPayload, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", "https://api.apiverve.com/v1/jwtdecoder", bytes.NewBuffer(jsonPayload))
req.Header.Set("X-API-Key", "your_api_key_here")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}{
"status": "ok",
"error": null,
"data": {
"header": {
"alg": "HS256",
"typ": "JWT"
},
"payload": {
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
},
"signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"isExpired": false,
"expiresAt": null,
"issuedAt": "2018-01-18T01:30:22.000Z",
"tokenAge": "2557 days",
"warning": "This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation."
}
}Authentication
The JWT Decoder API requires authentication via API key. Include your API key in the request header:
X-API-Key: your_api_key_hereInteractive API Playground
Test the JWT Decoder API directly in your browser with live requests and responses.
Parameters
The following parameters are available for the JWT Decoder API:
Decode JWT Token
| Parameter | Type | Required | Description | Default | Example |
|---|---|---|---|---|---|
token | string | required | JWT token to decode | - |
Response
The JWT Decoder API returns responses in JSON, XML, YAML, and CSV formats. The JSON response is shown in the Example section above; alternative formats below.
Other Response Formats
<?xml version="1.0" encoding="UTF-8"?>
<response>
<status>ok</status>
<error xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<data>
<header>
<alg>HS256</alg>
<typ>JWT</typ>
</header>
<payload>
<sub>1234567890</sub>
<name>John Doe</name>
<iat>1516239022</iat>
</payload>
<signature>SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c</signature>
<isExpired>false</isExpired>
<expiresAt xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<issuedAt>2018-01-18T01:30:22.000Z</issuedAt>
<tokenAge>2557 days</tokenAge>
<warning>This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation.</warning>
</data>
</response>
status: ok
error: null
data:
header:
alg: HS256
typ: JWT
payload:
sub: '1234567890'
name: John Doe
iat: 1516239022
signature: SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
isExpired: false
expiresAt: null
issuedAt: '2018-01-18T01:30:22.000Z'
tokenAge: 2557 days
warning: >-
This API only decodes JWT tokens. It does NOT verify signatures. Do not use
for security validation.
| key | value |
|---|---|
| header | {alg:HS256,typ:JWT} |
| payload | {sub:1234567890,name:John Doe,iat:1516239022} |
| signature | SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c |
| isExpired | false |
| expiresAt | |
| issuedAt | 2018-01-18T01:30:22.000Z |
| tokenAge | 2557 days |
| warning | This API only decodes JWT tokens. It does NOT verify signatures. Do not use for security validation. |
Response Structure
All API responses follow a consistent structure with the following fields:
| Field | Type | Description | Example |
|---|---|---|---|
status | string | Indicates whether the request was successful ("ok") or failed ("error") | ok |
error | string | null | Contains error message if status is "error", otherwise null | null |
data | object | null | Contains the API response data if successful, otherwise null | {...} |
Learn more about response formats →
Response Data Fields
When the request is successful, the data object contains the following fields:
| Field | Type | Sample Value | Description |
|---|---|---|---|
header | object | - | |
â”” alg | string | - | |
â”” typ | string | - | |
payload | object | - | |
â”” sub | string | - | |
â”” name | string | - | |
â”” iat | number | - | |
signature | string | - | |
isExpired | boolean | - | |
expiresAt | object | - | |
issuedAt | string | ISO timestamp of when the token was issued (from iat claim) | |
tokenAgePremium | string | Human-readable age of the token | |
warning | string | - |
Headers
Only X-API-Key is required. Optional headers include Accept for response format negotiation (JSON, XML, or YAML), User-Agent, and X-Request-ID for request tracing. See all request headers →
GraphQL AccessALPHA
Access JWT Decoder through GraphQL to combine it with other API calls in a single request. Query only the jwt decoder data you need with precise field selection, and orchestrate complex data fetching workflows.
Credit Cost: Each API called in your GraphQL query consumes its standard credit cost.
POST https://api.apiverve.com/v1/graphqlquery {
jwtdecoder(
input: {
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
) {
header {
alg
typ
}
payload {
sub
name
iat
}
signature
isExpired
expiresAt
issuedAt
tokenAge
warning
}
}Note: Authentication is handled via the x-api-key header in your GraphQL request, not as a query parameter.
CORS Support
The JWT Decoder API accepts cross-origin requests from any origin, so it can be called directly from browser-based applications without a proxy. See CORS support →
Rate Limiting
JWT Decoder requests are throttled per minute on the Free plan and unthrottled on paid plans. Exceeding the limit returns 429 Too Many Requests; rate-limit usage is reported in the X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset response headers. See per-plan limits and best practices →
Error Codes
The JWT Decoder API uses standard HTTP status codes — 200 on success, 400 for invalid parameters, 401 for missing or invalid keys, 403 for insufficient credits, 429 for rate-limit exhaustion, and 500/503 for server-side issues. Each error response includes an X-Request-ID header you can quote when contacting support. See full error handling guide →
SDKs for JWT Decoder
Official JWT Decoder packages on npm, PyPI, NuGet, and JitPack — plus a Postman collection and an OpenAPI spec. See the SDK guide →
No-Code Integrations
JWT Decoder works with Zapier, Make, Pipedream, n8n, and Power Automate using the same API key. See setup guides →
Frequently Asked Questions
How do I get an API key for JWT Decoder?
How many credits does JWT Decoder cost?
Each successful JWT Decoder API call consumes credits based on plan tier. Check the pricing section above for the exact credit cost. Failed requests and errors don't consume credits, so you only pay for successful jwt decoder lookups.
Can I use JWT Decoder in production?
The free plan is for testing and development only. For production use of JWT Decoder, upgrade to a paid plan (Starter, Pro, or Mega) which includes commercial use rights, no attribution requirements, and guaranteed uptime SLAs. All paid plans are production-ready.
Can I use JWT Decoder from a browser?
What happens if I exceed my JWT Decoder credit limit?
When you reach your monthly credit limit, JWT Decoder API requests will return an error until you upgrade your plan or wait for the next billing cycle. You'll receive notifications at 80% and 95% usage to give you time to upgrade if needed.
People who used this also used...
Based on your interest in JWT Decoder, you might also like these APIs:
