This is a decoder for JSON Web Tokens with an x402 micropayment layer baked in. It exposes tools to inspect JWT headers, payloads, claims, and expiry timestamps without needing to paste tokens into random websites. The repository is pretty bare, just TypeScript source and config files, so you're connecting to a remote endpoint at jwt-decoder.api.klymax402.com rather than running it locally. The x402 integration means you're paying per decode operation, which is an unusual model for what's typically a free utility. Reach for this if you're already in an x402 payment flow and need JWT inspection without context switching, but for casual debugging you'd probably just use jwt.io.
Public tool metadata for what this MCP can expose to an agent.
security_decode_jwtUse this when you need to decode and inspect a JWT token without verifying its signature. Returns the full header, payload, and expiration status. 1. header -- algorithm (RS256, HS256, etc.) and toke1 paramsUse this when you need to decode and inspect a JWT token without verifying its signature. Returns the full header, payload, and expiration status. 1. header -- algorithm (RS256, HS256, etc.) and toke
tokenstringDecode and inspect JWT tokens without verification. Extracts header, payload, claims, expiry, and signature algorithm. Pay-per-call via x402 (USDC on Base L2) -- no API key, no signup, no rate-limit wall.
Part of the klymax402 marketplace -- 100 x402 micropayment APIs for AI agents, one wallet, USDC on Base.
Add to your MCP client config (Claude Desktop, Cursor, ElizaOS, etc.):
{
"mcpServers": {
"jwt-decoder": {
"url": "https://jwt-decoder.api.klymax402.com/mcp"
}
}
}
curl -X POST "https://jwt-decoder.api.klymax402.com/api/decode" \
-H "Content-Type: application/json" \
-d '{"token":"..."}'
# -> 402 Payment Required, with an x402 payment challenge in the response body
Any x402-aware client (@x402/fetch, x402-agent-tools, ATXP) handles the 402 -> sign -> retry cycle automatically.
| Tool | Method | Path | Price | Description |
|---|---|---|---|---|
security_decode_jwt | POST | /api/decode | $0.001 | Decode a JWT token without signature verification |
security_decode_jwtUse this when you need to decode and inspect a JWT token without verifying its signature. Returns the full header, payload, and expiration status.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
token | string | yes | The JWT token to decode (format: header.payload.signature) |
Example response:
{"header":{"alg":"RS256","typ":"JWT"},"payload":{"sub":"user123","exp":1720000000},"issuedAt":"2025-01-01T00:00:00Z","expiresAt":"2025-07-03T00:00:00Z","isExpired":false}
When to use: debugging authentication issues, inspecting token claims before API calls, or verifying token expiry. Use this BEFORE making authenticated requests to check if a token needs refreshing.
Not for: hashing data (use crypto_generate_hash), base64 encoding/decoding (use utility_encode_base64), password analysis (use security_check_password).
eip155:8453)100 x402 micropayment APIs for AI agents -- one wallet, USDC on Base, zero signup.
MIT