JWT
GET/v0/jwt
Validates the structure of a JSON Web Token (JWT) and decodes its header and payload. Does not verify the signature — only the token format and structure are checked. Useful for inspecting token contents without a secret or public key.
Try it
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| value | string | Yes | The JWT string to validate (three base64url-encoded parts separated by dots) |
Example Request
curl -H "Authorization: Bearer YOUR_API_KEY" \ "https://api.isvalid.dev/v0/jwt?value=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
Response Fields
| Field | Type | Description |
|---|---|---|
| valid | boolean | Whether the token has a valid JWT structure (three parts, parseable JSON header and payload, alg field present in header) |
| algorithm | string | The signing algorithm declared in the header, e.g. HS256, RS256. Only present when valid is true. |
| header | object | The decoded JWT header object. Only present when valid is true. |
| payload | object | The decoded JWT payload object. Only present when valid is true. |
| issuedAt | string | null | ISO 8601 timestamp derived from the iat claim, or null if absent. Only present when valid is true. |
| expiresAt | string | null | ISO 8601 timestamp derived from the exp claim, or null if absent. Only present when valid is true. |
| expired | boolean | null | Whether the token is past its expiry time. null when no exp claim is present. Only present when valid is true. |
Example Response
{
"valid": true,
"algorithm": "HS256",
"header": { "alg": "HS256", "typ": "JWT" },
"payload": { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 },
"issuedAt": "2018-01-18T01:30:22.000Z",
"expiresAt": null,
"expired": null
}