JWT API

Decode, verify, and encode JSON Web Tokens. Free. No signup.

Endpoints

POST /jwt/decode

Decode a JWT without verifying its signature. Returns header, payload, signature, and human-readable timestamps for iat/exp/nbf.

curl -X POST https://forge-node.tail2b516d.ts.net/jwt/decode \
  -H "Content-Type: application/json" \
  -d '{"token": "eyJhbGciOi..."}'

POST /jwt/verify

Verify a JWT signature with a secret or public key.

curl -X POST https://forge-node.tail2b516d.ts.net/jwt/verify \
  -H "Content-Type: application/json" \
  -d '{"token": "...", "secret": "your-secret", "algorithm": "HS256"}'

POST /jwt/encode

Create a new signed JWT.

curl -X POST https://forge-node.tail2b516d.ts.net/jwt/encode \
  -H "Content-Type: application/json" \
  -d '{"payload": {"sub": "user", "exp": 1900000000}, "secret": "key", "algorithm": "HS256"}'

Supported algorithms

HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512, none.

Rate limit

120 requests per minute per IP. Need more? Contact for higher tiers.

Notes

All processing is in-memory. No tokens are logged or stored.
The none algorithm is supported for parsing legacy tokens but is insecure for production.
For RS256/ES256 verification, pass the PEM-encoded public key in the secret field.

← Forge Gateway home