Security

JWT Decoder & Security Auditor

Decode JWT header and payload, verify HS256 or RS256 signatures, and flag algorithm, expiry, and sensitive-claim security risks

html· HTML resultOpen tool

Quick start

Call this tool from your code in three languages.

cURL

curl -X POST 'https://api.elysiatools.com/en/api/tools/jwt-decoder-security-auditor' \
  -H 'Content-Type: application/json' \
  -d '{"jwtToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJyb2xlIjoidXNlciIsImVtYWlsIjoidXNlckBleGFtcGxlLmNvbSIsImV4cCI6MjAwMDAwMDAwMH0.0jVQ4ZJ1vF6K_6n0Xm2jtfwIY3PrM6t5Z2iB4Wn7s0w","hmacSecret":"super-secret-demo-key","rsaPublicKey":"-----BEGIN PUBLIC KEY-----"}'

API reference

Send a POST request with your inputs as JSON. File parameters require a separate upload first.

Endpoint

HTTP

POST https://api.elysiatools.com/en/api/tools/jwt-decoder-security-auditor

Parameters

Name	Type	Required	Description
jwtToken	textarea	No	—
hmacSecret	text	No	—
rsaPublicKey	textarea	No	—

Response format

HTML result

JSON

{
  "result": "<div>Processed HTML content</div>",
  "error": "Error message (optional)",
  "message": "Notification message (optional)",
  "metadata": {
    "key": "value"
  }
}

MCP integration

Add this tool to your Model Context Protocol server so AI agents can list and call it.

Server configuration

Add this block to your MCP client configuration:

mcp.json

{
  "mcpServers": {
    "elysiatools-jwt-decoder-security-auditor": {
      "name": "jwt-decoder-security-auditor",
      "description": "Decode JWT header and payload, verify HS256 or RS256 signatures, and flag algorithm, expiry, and sensitive-claim security risks",
      "baseUrl": "https://api.elysiatools.com/mcp/sse?toolId=jwt-decoder-security-auditor",
      "command": "",
      "args": [],
      "env": {},
      "isActive": true,
      "type": "sse"
    }
  }
}

List available tools

After connecting to the SSE endpoint, list the exposed tools:

tools/list

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list"
}

Call this tool

Invoke the tool by its id, passing arguments built from its parameters:

tools/call

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "jwt-decoder-security-auditor",
    "arguments": {
  "jwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJyb2xlIjoidXNlciIsImVtYWlsIjoidXNlckBleGFtcGxlLmNvbSIsImV4cCI6MjAwMDAwMDAwMH0.0jVQ4ZJ1vF6K_6n0Xm2jtfwIY3PrM6t5Z2iB4Wn7s0w",
  "hmacSecret": "super-secret-demo-key",
  "rsaPublicKey": "-----BEGIN PUBLIC KEY-----"
}
  }
}

Chain multiple tools in one session with a comma-separated toolId list, e.g. /mcp/sse?toolId=png-to-webp,jpg-to-webp,gif-to-webp (max 20).

Browse tools Open tool