Security

JWT Decoder

Inspect JWT headers and payload claims quickly while keeping the tool read-only and signature-agnostic.

SALE POST /jwt/decode Open API docs

Output

Server-side output from the same processor used by the public API endpoint.

API usage

curl -X POST \
  'https://api.sloxlydev.in/jwt/decode' \
  -H 'Content-Type: application/json' \
  -d '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzbG94bHl1c2VyIiwicm9sZSI6ImRldmVsb3BlciJ9.signature"}'

How it works

The decoder splits the JWT into its three parts, performs Base64URL decoding on the header and payload, and returns the resulting JSON. Signature verification is intentionally out of scope for this public helper.

Example

Input sample

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzbG94bHl1c2VyIiwicm9sZSI6ImRldmVsb3BlciJ9.signature

Example

Output sample

{
    "header": {
        "alg": "HS256",
        "typ": "JWT"
    },
    "payload": {
        "sub": "sloxlyuser",
        "role": "developer"
    },
    "signature": "signature",
    "verified": false,
    "note": "This public decoder does not verify JWT signatures."
}

API usage

Integration notes

Submit the token under the token field. The endpoint returns the decoded header and payload with a clear note that signature validation is not performed.

FAQ

Common questions

Does the JWT decoder verify signatures?: No. It only decodes and displays the header and payload sections.