Other endpoints

Sign / mint a JWT

POST

https://jwt-api.p.rapidapi.com

/v1/sign

Signs a new JSON Web Token. Provide a payload of custom claims plus the key material for your chosen algorithm. The iat claim is set automatically and expiresIn controls exp.

Symmetric algorithms (HS256/HS384/HS512) require a shared secret.
Asymmetric algorithms (RS256/ES256/PS256) require a PEM PKCS8 privateKey.

Sign / mint a JWT › Request Body

SignRequest

object · required

Custom claims to embed. iat is set automatically.

Example: {"sub":"user_42","role":"admin"}

alg

string · enum

Signing algorithm.

Enum values:

HS256

HS384

HS512

RS256

ES256

PS256

Default: HS256

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

privateKey

string

PEM-encoded PKCS8 private key. Required for RS*/ES*/PS* algorithms. Newlines must be real \n escapes inside JSON.

Example: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ... -----END PRIVATE KEY-----

Duration string (e.g. '2h', '30m', '7d') or a positive number of seconds-from-now. Takes precedence over any exp in payload.

Example: 2h

issuer

string

Value to set as the iss claim.

Example: https://jwt-api.p.rapidapi.com

Value to set as the aud claim.

Example: my-app

subject

string

Value to set as the sub claim.

Example: user_42

Sign / mint a JWT › Responses

Signed token

SignResponse

token

string · required

POST/v1/sign

curl https://jwt-api.p.rapidapi.com/v1/sign \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'x-rapidapi-key: <api-key>' \
  --data '{
  "payload": {
    "sub": "user_42",
    "role": "admin"
  },
  "alg": "HS256",
  "secret": "super-secret-value",
  "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ...\n-----END PRIVATE KEY-----",
  "expiresIn": "2h",
  "issuer": "https://jwt-api.p.rapidapi.com",
  "audience": "my-app",
  "subject": "user_42"
}'

Example Request Body

{
  "payload": {
    "sub": "user_42",
    "role": "admin"
  },
  "alg": "HS256",
  "secret": "super-secret-value",
  "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ...\n-----END PRIVATE KEY-----",
  "expiresIn": "2h",
  "issuer": "https://jwt-api.p.rapidapi.com",
  "audience": "my-app",
  "subject": "user_42"
}

json

Example Responses

No example specified for this content type

application/json

Verify a JWT signature and claims

POST

https://jwt-api.p.rapidapi.com

/v1/verify

Verifies a JWT's cryptographic signature and enforces the exp/nbf time claims plus any expected issuer and audience. A valid token returns valid: true with the decoded payload and header. A bad, expired, or claim-mismatched token returns HTTP 200 with valid: false plus an error and code.

Pass the algorithms array to pin accepted algorithms and defend against algorithm-confusion attacks.

Verify a JWT signature and claims › Request Body

VerifyRequest

token

string · required

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

publicKey

string

PEM-encoded SPKI public key. Required for RS*/ES*/PS* algorithms.

Example: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE... -----END PUBLIC KEY-----

algorithms

string[]

Restrict accepted algorithms (defends against alg-confusion).

Example: ["HS256"]

issuer

string

Expected iss claim. Verification fails on mismatch.

Example: https://jwt-api.p.rapidapi.com

Expected aud claim. Verification fails on mismatch.

Example: my-app

Verify a JWT signature and claims › Responses

Verification result. valid:true with payload+header on success; valid:false with error+code on a bad/expired/claim-mismatched token.

oneOf

Exactly one variant must match.

Decision Table

Variant	Matching Criteria
	type = object · requires: valid
	type = object · requires: valid, error

Properties for Variant 1:

VerifySuccess

valid

boolean · required

object

POST/v1/verify

curl https://jwt-api.p.rapidapi.com/v1/verify \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'x-rapidapi-key: <api-key>' \
  --data '{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyIn0.abc123",
  "secret": "super-secret-value",
  "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE...\n-----END PUBLIC KEY-----",
  "algorithms": [
    "HS256"
  ],
  "issuer": "https://jwt-api.p.rapidapi.com",
  "audience": "my-app"
}'

Example Request Body

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyIn0.abc123",
  "secret": "super-secret-value",
  "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE...\n-----END PUBLIC KEY-----",
  "algorithms": [
    "HS256"
  ],
  "issuer": "https://jwt-api.p.rapidapi.com",
  "audience": "my-app"
}

json

Example Responses

{
  "valid": true,
  "payload": {
    "sub": "user_42",
    "role": "admin",
    "iss": "https://jwt-api.p.rapidapi.com",
    "aud": "my-app",
    "iat": 1748534400,
    "exp": 1748541600
  },
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  }
}

json

application/json

Decode a JWT WITHOUT verifying

GET

https://jwt-api.p.rapidapi.com

/v1/decode

Decodes a compact JWS and returns its unverified header and payload along with a warning. This endpoint does NOT check the signature — never trust the returned data for authorization. Use /v1/verify to validate a token.

Decode a JWT WITHOUT verifying › query Parameters

token

string · required

The compact JWS to inspect.

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyIn0.abc123

Decode a JWT WITHOUT verifying › Responses

Decoded (unverified) header and payload

DecodeResponse

warning

string

object

signature_present

boolean

Sign / mint a JWT

POST

https://jwt-api.p.rapidapi.com

/v1/sign

Signs a new JSON Web Token. Provide a payload of custom claims plus the key material for your chosen algorithm. The iat claim is set automatically and expiresIn controls exp.

Symmetric algorithms (HS256/HS384/HS512) require a shared secret.
Asymmetric algorithms (RS256/ES256/PS256) require a PEM PKCS8 privateKey.

Sign / mint a JWT › Request Body

SignRequest

object · required

Custom claims to embed. iat is set automatically.

Example: {"sub":"user_42","role":"admin"}

alg

string · enum

Signing algorithm.

Enum values:

HS256

HS384

HS512

RS256

ES256

PS256

Default: HS256

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

privateKey

string

PEM-encoded PKCS8 private key. Required for RS*/ES*/PS* algorithms. Newlines must be real \n escapes inside JSON.

Example: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ... -----END PRIVATE KEY-----

Duration string (e.g. '2h', '30m', '7d') or a positive number of seconds-from-now. Takes precedence over any exp in payload.

Example: 2h

issuer

string

Value to set as the iss claim.

Example: https://jwt-api.p.rapidapi.com

Value to set as the aud claim.

Example: my-app

subject

string

Value to set as the sub claim.

Example: user_42

Sign / mint a JWT › Responses

Signed token

SignResponse

token

string · required

Verify a JWT signature and claims

POST

https://jwt-api.p.rapidapi.com

/v1/verify

Pass the algorithms array to pin accepted algorithms and defend against algorithm-confusion attacks.

Verify a JWT signature and claims › Request Body

VerifyRequest

token

string · required

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

publicKey

string

PEM-encoded SPKI public key. Required for RS*/ES*/PS* algorithms.

Example: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE... -----END PUBLIC KEY-----

algorithms

string[]

Restrict accepted algorithms (defends against alg-confusion).

Example: ["HS256"]

issuer

string

Expected iss claim. Verification fails on mismatch.

Example: https://jwt-api.p.rapidapi.com

Expected aud claim. Verification fails on mismatch.

Example: my-app

Verify a JWT signature and claims › Responses

Verification result. valid:true with payload+header on success; valid:false with error+code on a bad/expired/claim-mismatched token.

oneOf

Exactly one variant must match.

Decision Table

Variant	Matching Criteria
	type = object · requires: valid
	type = object · requires: valid, error

Properties for Variant 1:

VerifySuccess

valid

boolean · required

object

Decode a JWT WITHOUT verifying

GET

https://jwt-api.p.rapidapi.com

/v1/decode

Decode a JWT WITHOUT verifying › query Parameters

token

string · required

The compact JWS to inspect.

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyIn0.abc123

Decode a JWT WITHOUT verifying › Responses

Decoded (unverified) header and payload

DecodeResponse

warning

string

object

signature_present

boolean