# JWT API > A fast, fully-local JSON Web Token toolkit: sign a JSON payload into a JWT, verify a token signature together with its exp and nbf claims using a constant-time comparison, and decode a token header and payload without verifying. Supports the HMAC algorithms HS256, HS384 and HS512, automatically adds the iat claim and an exp claim from expires_in. Built on Node crypto and secrets are never logged, so responses are instant, private and always available. Every endpoint accepts input via the query string or the request body. Ideal for authentication, API gateways, session and token tooling, microservices and webhooks. ## Authentication All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys. ```bash curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/jwt-api/..." ``` ## Pricing - **Free** (Free) — 6,000 calls/Mo, 2 req/s - **Basic** ($6/Mo) — 125,000 calls/Mo, 8 req/s - **Pro** ($20/Mo) — 850,000 calls/Mo, 25 req/s - **Mega** ($50/Mo) — 4,500,000 calls/Mo, 80 req/s ## Endpoints ### JWT #### `GET /v1/decode` — Decode a JWT (no verify) **Parameters:** - `token` (query, required, string) — JWT to decode Example: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMifQ.4HhAh4FVL4hWfDw6Q3RZ4nM6F1mC_8h0nC9HxQ-uXyk` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/jwt-api/v1/decode?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMifQ.4HhAh4FVL4hWfDw6Q3RZ4nM6F1mC_8h0nC9HxQ-uXyk" ``` **Response:** ```json { "data": { "header": { "alg": "HS256", "typ": "JWT" }, "payload": { "sub": "123" }, "signature_present": true }, "meta": { "timestamp": "2026-05-30T10:10:54.829Z", "request_id": "dcfff290-91f7-41db-9f90-903189cad298" }, "status": "ok", "message": "OK", "success": true } ``` #### `GET /v1/sign` — Sign a JWT **Parameters:** - `payload` (query, required, string) — JSON payload object Example: `{"sub":"123","name":"Ada"}` - `secret` (query, required, string) — Signing secret Example: `your-256-bit-secret` - `algorithm` (query, optional, string) — HS256, HS384 or HS512 Example: `HS256` - `expires_in` (query, optional, string) — TTL in seconds (adds exp) Example: `3600` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/jwt-api/v1/sign?payload=%7B%22sub%22%3A%22123%22%2C%22name%22%3A%22Ada%22%7D&secret=your-256-bit-secret&algorithm=HS256&expires_in=3600" ``` **Response:** ```json { "data": { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJuYW1lIjoiQWRhIiwiaWF0IjoxNzgwMTM1ODU0LCJleHAiOjE3ODAxMzk0NTR9.ioG5FjyOLaRMsefX8sAk_8z5KnTsj6ADuJxIbSKkbxc", "header": { "alg": "HS256", "typ": "JWT" }, "payload": { "exp": 1780139454, "iat": 1780135854, "sub": "123", "name": "Ada" }, "algorithm": "HS256" }, "meta": { "timestamp": "2026-05-30T10:10:54.903Z", "request_id": "14145667-35c5-49d8-b70f-1762721e3178" }, "status": "ok", "message": "OK", "success": true } ``` #### `GET /v1/verify` — Verify a JWT **Parameters:** - `token` (query, required, string) — JWT to verify Example: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMifQ.4HhAh4FVL4hWfDw6Q3RZ4nM6F1mC_8h0nC9HxQ-uXyk` - `secret` (query, required, string) — Signing secret Example: `your-256-bit-secret` **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/jwt-api/v1/verify?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMifQ.4HhAh4FVL4hWfDw6Q3RZ4nM6F1mC_8h0nC9HxQ-uXyk&secret=your-256-bit-secret" ``` **Response:** ```json { "data": { "error": "signature verification failed", "valid": false }, "meta": { "timestamp": "2026-05-30T10:10:54.984Z", "request_id": "20073e8a-8973-42ab-ad79-0779cde17829" }, "status": "ok", "message": "OK", "success": true } ``` --- Marketplace page: https://www.oanor.com/api/jwt-api OpenAPI spec: https://www.oanor.com/api/jwt-api/openapi.json