Developer interface
JWT Decode API
Decode JSON Web Tokens and extract header, payload, and metadata.
The Velohost JWT Decode API provides a programmatic way to inspect JSON Web Tokens (JWTs) without performing signature verification.
It decodes the token structure and returns the header, payload, signature, and associated metadata.
Base API URL
All endpoints listed below are relative to this base URL.
https://api.velohost.co.uk/jwt/ Rate limiting
This API is protected by a global rate limit to ensure fair usage and platform stability.
- Limit: 30 requests per 10 seconds per IP address
- Burst traffic is allowed
- No authentication required
-
Requests exceeding the limit return
HTTP 429
This limit applies across all Velohost public APIs.
Error responses
The API uses standard HTTP status codes to indicate errors.
Returned when the global rate limit is exceeded.
{
"detail": "Rate limit exceeded"
}
Returned when the token parameter is missing or invalid.
Endpoints
Decode JWT
Decodes a JSON Web Token and extracts its header, payload, signature, and associated metadata.
GET /decode?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.dyt0CoTl4WoVjAHI9Q_CwSKhl6d_9rhM3NrXuJttkao
{
"input": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.dyt0CoTl4WoVjAHI9Q_CwSKhl6d_9rhM3NrXuJttkao",
"header": {
"alg": "HS256",
"typ": "JWT"
},
"payload": {
"sub": "1234567890",
"name": "John Doe",
"admin": true
},
"signature": "dyt0CoTl4WoVjAHI9Q_CwSKhl6d_9rhM3NrXuJttkao",
"algorithm": "HS256",
"token_type": "JWT",
"expires_at": null,
"issued_at": null,
"issuer": null,
"audience": null,
"subject": "1234567890",
"encoding": "jwt",
"source": "decode"
} Learn more
Explore the tool, documentation, and guides.