Endpoint
Authentication
| Header | Required | Value |
|---|---|---|
| X-API-Key | Yes | Your API key (bun_...) |
| Content-Type | Yes | application/json |
Overview
Decode any JSON Web Token (JWT) and inspect its header, payload claims, and expiration metadata. This endpoint does not verify the signature; it decodes the token structure for debugging, logging, and display purposes.
Use cases
- Debug token claims during development and integration testing
- Display user metadata from a JWT in an admin panel
- Log token details for audit trails without storing raw tokens
- Inspect third-party tokens to understand their structure
Details
Decodes standard three-part JWTs (header.payload.signature). Signature verification is not performed. The raw signature string is returned alongside the decoded header and payload. Human-readable timestamps and token status flags are derived from standard claims and returned in a meta object.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | JWT string to decode |
Example
Response
200 OK
| Field | Type | Description |
|---|---|---|
| header | object | Decoded JWT header claims (e.g. alg, typ) |
| payload | object | Decoded JWT payload claims |
| signature | string | Raw base64url-encoded signature segment (third part of the token) |
| meta | object | Derived metadata (see fields below) |
| Field | Type | Description |
|---|---|---|
| algorithm | string \| null | Signing algorithm from header.alg (e.g. "HS256") |
| type | string \| null | Token type from header.typ (e.g. "JWT") |
| issued_at | string \| null | ISO 8601 timestamp derived from iat claim |
| expires_at | string \| null | ISO 8601 timestamp derived from exp claim |
| not_before | string \| null | ISO 8601 timestamp derived from nbf claim |
| issuer | string \| null | Value of the iss claim |
| subject | string \| null | Value of the sub claim |
| audience | string \| null | Value of the aud claim |
| expired | boolean \| null | Whether the token is currently expired (null if no exp claim) |
| not_yet_valid | boolean \| null | Whether the token is not yet valid per nbf (null if no nbf claim) |
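
A local equivalent of the decode-only behaviour and meta fields described above, as an added example (not the service's own code); the function names, the constructed sample token and the `now >= exp` boundary are assumptions. The sample's signature segment is arbitrary text and still decodes cleanly, which is why decoded claims cannot stand in for a verified token.

```python
import base64
import json
from datetime import datetime, timezone

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _iso(claims, name):
    # NumericDate (seconds since epoch) -> ISO 8601 in UTC, or None if absent.
    value = claims.get(name)
    if not isinstance(value, (int, float)) or isinstance(value, bool):
        return None
    return datetime.fromtimestamp(value, tz=timezone.utc).isoformat()

def decode_jwt(token, now=None):
    """Decode only. The signature is returned as-is and never checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    now = datetime.now(timezone.utc).timestamp() if now is None else now
    exp, nbf = payload.get("exp"), payload.get("nbf")
    meta = {
        "algorithm": header.get("alg"),
        "type": header.get("typ"),
        "issued_at": _iso(payload, "iat"),
        "expires_at": _iso(payload, "exp"),
        "not_before": _iso(payload, "nbf"),
        "issuer": payload.get("iss"),
        "subject": payload.get("sub"),
        "audience": payload.get("aud"),
        "expired": None if _iso(payload, "exp") is None else now >= exp,
        "not_yet_valid": None if _iso(payload, "nbf") is None else now < nbf,
    }
    return {"header": header, "payload": payload, "signature": parts[2], "meta": meta}

def _seg(obj):
    # Helper for the constructed sample token below.
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: the signature is arbitrary text, yet decoding succeeds.
SAMPLE = ".".join([_seg({"alg": "HS256", "typ": "JWT"}),
                   _seg({"sub": "user-1", "iat": 1700000000, "exp": 1700003600}),
                   "not-a-real-signature"])
```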

