Schemas

SignRequest

object · required

Custom claims to embed. iat is set automatically.

Example: {"sub":"user_42","role":"admin"}

alg

string · enum

Signing algorithm.

Enum values:

HS256

HS384

HS512

RS256

ES256

PS256

Default: HS256

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

privateKey

string

PEM-encoded PKCS8 private key. Required for RS*/ES*/PS* algorithms. Newlines must be real \n escapes inside JSON.

Example: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ... -----END PRIVATE KEY-----

Duration string (e.g. '2h', '30m', '7d') or a positive number of seconds-from-now. Takes precedence over any exp in payload.

Example: 2h

issuer

string

Value to set as the iss claim.

Example: https://jwt-api.p.rapidapi.com

Value to set as the aud claim.

Example: my-app

subject

string

Value to set as the sub claim.

Example: user_42

SignResponse

token

string · required

VerifyRequest

token

string · required

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

publicKey

string

PEM-encoded SPKI public key. Required for RS*/ES*/PS* algorithms.

Example: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE... -----END PUBLIC KEY-----

algorithms

string[]

Restrict accepted algorithms (defends against alg-confusion).

Example: ["HS256"]

issuer

string

Expected iss claim. Verification fails on mismatch.

Example: https://jwt-api.p.rapidapi.com

Expected aud claim. Verification fails on mismatch.

Example: my-app

VerifySuccess

valid

boolean · required

object

VerifyFailure

valid

boolean · required

error

string · required

code

string

DecodeResponse

warning

string

object

signature_present

boolean

Error

error

string · required

Error message

Example: token is required

SignRequest

object · required

Custom claims to embed. iat is set automatically.

Example: {"sub":"user_42","role":"admin"}

alg

string · enum

Signing algorithm.

Enum values:

HS256

HS384

HS512

RS256

ES256

PS256

Default: HS256

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

privateKey

string

PEM-encoded PKCS8 private key. Required for RS*/ES*/PS* algorithms. Newlines must be real \n escapes inside JSON.

Example: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ... -----END PRIVATE KEY-----

Duration string (e.g. '2h', '30m', '7d') or a positive number of seconds-from-now. Takes precedence over any exp in payload.

Example: 2h

issuer

string

Value to set as the iss claim.

Example: https://jwt-api.p.rapidapi.com

Value to set as the aud claim.

Example: my-app

subject

string

Value to set as the sub claim.

Example: user_42

VerifyRequest

token

string · required

secret

string

Shared secret. Required for HS* algorithms.

Example: super-secret-value

publicKey

string

PEM-encoded SPKI public key. Required for RS*/ES*/PS* algorithms.

Example: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE... -----END PUBLIC KEY-----

algorithms

string[]

Restrict accepted algorithms (defends against alg-confusion).

Example: ["HS256"]

issuer

string

Expected iss claim. Verification fails on mismatch.

Example: https://jwt-api.p.rapidapi.com

Expected aud claim. Verification fails on mismatch.

Example: my-app