{"header":{"alg":"HS256","typ":"JWT"},"payload":{"sub":"1234567890","name":"John Doe","iat":1516239022},"claims":{"issued_at":"2018-01-18T01:30:22.000Z"},"algorithm":"HS256"}
curl --location --request POST 'https://zylalabs.com/api/13166/token+decoder+and+verifier+api/26712/decode+a+token' --header 'Authorization: Bearer YOUR_API_KEY'
--data-raw '{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}'
After signing up, every developer is assigned a personal API access key, a unique combination of letters and digits provided to access to our API endpoint. To authenticate with the Token Decoder and Verifier API simply include your bearer token in the Authorization header.
| Header | Description |
|---|---|
Authorization
|
Required
Should be Bearer access_key. See "Your API Access Key" above when you are subscribed.
|
No long-term commitment. Upgrade, downgrade, or cancel anytime. Free Trial includes up to 50 requests.
(Save 2 months with annual billing 🎉)
Trusted by leading companies
Inspect and verify signed web tokens without local tooling. The decode endpoint opens any token into its header, payload and time claim checks; the verify endpoint also validates the signature with your shared secret or public key.
Useful for debugging sign-in and single sign-on issues, verifying webhook and partner tokens, inspecting third party tokens during integrations, and checks in delivery pipelines.
The Decode endpoint returns the token's header, payload, and time claim checks, including expiration, not before, and issue time. The Verify endpoint additionally confirms the token's signature validity using a shared secret or public key.
Key fields in the Decode response include "header" (algorithm and type), "payload" (user data), "claims" (time-related claims), and "algorithm" (the signature algorithm used). Each field provides essential information about the token's structure and validity.
The response data is structured in JSON format, with distinct sections for "header," "payload," and "claims." Each section contains relevant information, making it easy to parse and understand the token's components and their meanings.
The Decode endpoint provides information about the token's structure and claims, while the Verify endpoint offers insights into the token's signature validity. This includes details on the algorithm used and the results of the signature check.
Users can customize their requests by specifying the token they wish to decode or verify. The API processes the provided token and returns relevant information based on its content and the chosen endpoint.
Typical use cases include debugging sign-in issues, verifying webhook tokens, inspecting third-party tokens during integrations, and ensuring token validity in delivery pipelines. This helps maintain secure and reliable authentication processes.
Data accuracy is maintained by processing tokens in memory without storage, ensuring that only the most current and relevant information is evaluated. The API also supports multiple algorithms, allowing for robust verification methods.
Users can expect standard patterns in the token structure, such as consistent header fields (e.g., "alg" and "typ") and payload fields (e.g., "sub" and "iat"). Time claims will typically include "exp," "nbf," and "iat," providing a clear timeline of token validity.
To obtain your API key, first sign in to your account and navigate to the API you want to use. From the API's Pricing section, choose a plan and complete the subscription process. Once subscribed, return to the API page and you will see your API Access Key displayed at the top of the documentation page. You can use this key to authenticate your requests.
You can’t switch APIs during the free trial. If you subscribe to a different API, your trial will end and the new subscription will start as a paid plan.
The free trial lasts for 7 days and allows you to make up to 50 API requests.
No, the free trial is available only once, so we recommend using it on the API that interests you the most. Most of our APIs offer a free trial, but some may not include this option.
Yes. If the API offers a free trial, you will see a "Free 7-Day Trial" option in its Pricing section. The trial lasts for 7 days and allows up to 50 API requests, enabling you to evaluate the API before subscribing to a paid plan.
Zyla API Hub is like a big store for APIs, where you can find thousands of them all in one place. We also offer dedicated support and real-time monitoring of all APIs. Once you sign up, you can pick and choose which APIs you want to use. Just remember, each API needs its own subscription. But if you subscribe to multiple ones, you'll use the same key for all of them, making things easier for you.
You can monitor your API usage through the response headers included with every request:
x-zyla-api-calls-monthly-used: Shows the total number of API requests you have used during the current billing period.
x-zyla-api-calls-monthly-remaining: Shows the number of API requests you have remaining for the current billing period.
Yes, you can cancel your subscription at any time. Simply go to the Pricing section of the API you're subscribed to and click the "Unsubscribe" button.
Please note that upgrades, downgrades, and cancellations take effect immediately. Once your subscription is canceled, access to the service will end immediately, regardless of any remaining API calls in your quota.
Please have a look at our Refund Policy: https://zylalabs.com/terms#refund