Extracts header and payload from JWT tokens without signature verification. Use via MCP in Cursor or Windsurf, or GET /v1/encode/jwt/decode with the token parameter. Returns decoded JSON for both sections — useful for debugging auth flows or inspecting token claims. Perfect for development when you need to peek inside JWTs quickly.
curl "https://tinyfn.io/v1/encode/jwt/decode" \
-H "X-API-Key: YOUR_API_KEY"const response = await fetch('https://tinyfn.io/v1/encode/jwt/decode', {
headers: { 'X-API-Key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data);import requests
response = requests.get('https://tinyfn.io/v1/encode/jwt/decode',
headers={'X-API-Key': 'YOUR_API_KEY'})
data = response.json()
print(data)Connect your AI agent (Claude, Cursor, Windsurf, etc.) to TinyFn's encoding tools:
{
"mcpServers": {
"tinyfn-encoding": {
"url": "https://tinyfn.io/mcp/encoding",
"headers": {
"X-API-Key": "YOUR_API_KEY"
}
}
}
}Send the JWT to GET /v1/encode/jwt/decode or use the MCP tool in your AI editor. Returns the decoded header and payload as JSON objects.
Decode extracts the header and payload without cryptographic verification. Verify validates the signature against a secret — decode is faster for inspection, verify ensures authenticity.
Yes, the MCP integration lets AI agents decode JWTs directly in your editor. Great for troubleshooting authentication issues or inspecting token expiration times.
Returns a JSON object with separate 'header' and 'payload' fields, each containing the decoded claims. The signature portion is ignored during decoding.
Yes, since there's no signature verification, it decodes any properly formatted JWT regardless of expiration or validity. Only checks base64 structure, not cryptographic integrity.