The problem every dev hits
Testing JWT auth in CI/CD sucks.
jwt.io is perfect but has no API. Auth0's JWT libs need setup. Most online tools rate limit you after 10 requests. You just want to decode or verify a token in a GitHub Action without installing 3 packages.
So I built RK JWT API #003
6 actions. 1 endpoint. 102ms average response.
What it does:
-
decode - Instantly decode any JWT. Returns header, payload,
expires_in_human -
verify - HS256/384/512 signature validation. Pass
secret, getvalid: true/false - verify_jwks - RS256/384/512 via JWKS URL. Works with Auth0, Firebase, Supabase, Okta
-
sign - Generate test JWTs. Custom payload,
expiresIn. Perfect for mocking auth -
inspect - Security audit. Detects
alg:none, expired tokens, clock skew. Returnsrisk_score - bulk_decode - Send 100 tokens, get results back. Built for log analysis
Zero friction:
- No API keys
- No signup
- CORS enabled
- Stateless - no logging, no tracking
- Every response includes
"by": "RK"so you know it worked
Stack: Vercel Edge Functions + jose. Handles malformed JWTs and edge cases.
Try it right now
Live: https://rapidapi.com/mawmawia/api/rk-jwt-api
Free tier: 1k requests/month. No credit card.
Quick test in cURL:
bash
curl -X POST https://rk-jwt-api.p.rapidapi.com/api \
-H "X-RapidAPI-Key: YOUR_RAPIDAPI_KEY" \
-H "Content-Type: application/json" \
-d '{"action":"decode","token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJSUyJ9.signature"}'