ToolTeeno

JWT Debugger

Security Notice

Never share your secret keys publicly. This tool runs entirely in your browser and does not store or transmit your tokens or secrets.

Only HMAC algorithms (HS256, HS384, HS512) are supported for signature verification

Decode and inspect JSON Web Tokens (JWT) including header, payload, and signature validation.

API Access

Use this tool programmatically via our REST API. Perfect for debugging, validation, and automated testing of JWT tokens.

Endpoint

POST https://toolteeno.com/api/jwt-debugger

Request Body

{
  "token": "string",   // Required: JWT token to decode
  "secret": "string"   // Optional: Secret for signature verification
}

Example Response

{
  "success": true,
  "decoded": {
    "header": { "alg": "HS256", "typ": "JWT" },
    "payload": {
      "sub": "1234567890",
      "name": "John Doe",
      "iat": 1516239022
    },
    "signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
  },
  "timestamps": {
    "issuedAt": {
      "timestamp": 1516239022,
      "date": "2018-01-18T01:30:22.000Z"
    }
  },
  "signatureValid": true,
  "algorithm": "HS256",
  "type": "JWT"
}

cURL Example

curl -X POST https://toolteeno.com/api/jwt-debugger \
  -H "Content-Type: application/json" \
  -d '{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "secret": "your-256-bit-secret"
  }'

JavaScript/Fetch Example

const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...';

const response = await fetch('https://toolteeno.com/api/jwt-debugger', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    token: token,
    secret: 'your-256-bit-secret' // Optional
  })
});

const data = await response.json();
console.log('Header:', data.decoded.header);
console.log('Payload:', data.decoded.payload);
console.log('Signature Valid:', data.signatureValid);
console.log('Expired:', data.timestamps?.isExpired);

Python Example

import requests

token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'

response = requests.post(
    'https://toolteeno.com/api/jwt-debugger',
    json={
        'token': token,
        'secret': 'your-256-bit-secret'  # Optional
    }
)

result = response.json()
print(f"Algorithm: {result['algorithm']}")
print(f"Signature Valid: {result['signatureValid']}")
print(f"Payload: {result['decoded']['payload']}")

if result['timestamps'].get('isExpired'):
    print("Token is expired!")

Common Use Cases

  • Development: Debug authentication issues during development
  • Validation: Verify JWT structure and signature
  • Inspection: Examine claims and payload data
  • Expiration: Check if tokens are expired
  • Learning: Understand JWT structure and encoding
  • Testing: Automated testing of JWT generation

Security: This API does not store or log any tokens or secrets. Always keep your secret keys private!

This API is completely free to use with no rate limits or authentication required!

Back to HomeAll Tools →