JWT Inspector API
Security
Decode and analyze JSON Web Tokens instantly. Validate JWT tokens, check expiration, and inspect claims for secure authentication workflows.
Authentication
All API requests require a valid API key passed in the Authorization header as a Bearer token.
Rate Limit
100 requests per minute
Endpoints
1 endpoint available
Overview
The JWT Inspector API decodes and analyzes JSON Web Tokens, extracting header, payload, and signature information.
Features
- Decode JWT tokens (3-part dot-separated format)
- Extract header with algorithm (alg) and type (typ)
- Parse payload with standard claims (iss, sub, aud, exp, nbf, iat, jti)
- Check expiration status (valid/expired)
- Format timestamps to human-readable dates
Use Cases
- Debug authentication issues in APIs
- Validate token claims programmatically
- Check token expiration before processing
- Inspect tokens in automated testing
Endpoints
POST
/v1/tools/jwt-inspectorDecode and analyze a JWT token
Request Body
Content-Type: application/json
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | Required | The JWT token to decode (must have 3 parts separated by dots) |
Response Example
{
"success": true,
"data": {
"header": {
"alg": "HS256",
"typ": "JWT"
},
"payload": {
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"exp": 1716239022
},
"signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"isExpired": false,
"expiresAt": "2024-05-21T00:23:42.000Z",
"issuedAt": "2018-01-18T01:30:22.000Z"
}
}Error Codes
400
Bad Request - Invalid JWT format (must have 3 parts)401
Unauthorized - Invalid or missing API key429
Too Many Requests - Rate limit exceeded500
Internal Server ErrorCode Examples
curl -X POST https://api.opentools.ca/v1/tools/jwt-inspector \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}'