JWT Decode API - Free Token Inspector
Decode a JWT and extract the header (algorithm, type), payload (claims, expiry, issuer), and signature. Does not verify the signature; use this for inspection and debugging.
Code examples
curl -X POST https://api.botoi.com/v1/jwt/decode \
-H "Content-Type: application/json" \
-d '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}'When to use this API
Debugging authentication failures
Decode JWTs from failing requests to inspect the issuer, audience, and expiry claims without setting up a local verification environment.
Admin token inspection tools
Build an internal tool where support engineers can paste a user JWT and see its claims, helping diagnose permission issues.
Logging and monitoring pipelines
Extract the sub and iat claims from JWTs in request logs to correlate actions with user IDs and timestamps.
Frequently asked questions
Does this verify the JWT signature?
No. This endpoint only decodes the token. Use it for inspection and debugging, not for authentication decisions.
Is it safe to send production JWTs to this API?
The API does not store tokens. However, if the JWT contains sensitive claims, consider decoding it locally instead.
What token formats are supported?
The API accepts standard three-part JWTs (header.payload.signature) encoded in Base64URL.
Can I decode expired tokens?
Yes. The API decodes any well-formed JWT regardless of its expiry status.
Get your API key
Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.