xtract.bot
POST /api/jwt-verify

Verify a JWT signature with HS256/HS384/HS512 and return the decoded claims. Catches expired, mis-issued, or wrong-audience tokens with a clear error.

Verifies a JWT against a shared secret and, on success, returns the decoded claims. On failure returns `{valid: false, reason}`.

Verification covers:

- Signature validity (HS256 / HS384 / HS512).
- `exp` (expiry) and `nbf` (not-before) claims.
- Optional `issuer` / `audience` checks if you supply them.

Missing or extra claims are fine: only the ones you check are enforced.

Inputs

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| jwt* | string | | The JWT to verify (a `header.payload.signature` string). |
| secret* | string | | HMAC secret. Must match the one used to sign the token. |
| expectedAlgorithm | enum (HS256 \| HS384 \| HS512) | | If set, the token's alg header must match. Recommended for production verifiers. |
| clockSkewSeconds | number (0…3600) | 0 | Tolerance applied to exp and nbf checks (seconds). |
| ignoreExpiration | boolean | false | Skip the exp claim check. |
| ignoreNotBefore | boolean | false | Skip the nbf claim check. |
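
The checks these inputs control can be reproduced locally with the Python standard library. This is an added example, not the service's own code: the function names, the reason strings, and the `now` parameter are assumptions, and the issuer/audience checks are left out because the table above does not list their parameter names.

```python
import base64, hashlib, hmac, json, time
# Assumption: reason strings and helper names are illustrative, not the service's.
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac_for(alg, secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), HASHES[alg]).digest()

def sign(claims, secret, alg="HS256"):
    """Mint a token for constructed sample input (not part of the endpoint)."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url_encode(mac_for(alg, secret, f"{head}.{body}"))

def verify(jwt, secret, expected_algorithm=None, clock_skew_seconds=0,
           ignore_expiration=False, ignore_not_before=False, now=None):
    def fail(reason):
        return {"valid": False, "reason": reason}
    try:
        head_b64, body_b64, sig_b64 = jwt.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return fail("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return fail("malformed token")
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in HASHES:  # also rejects "none"
        return fail("unsupported algorithm")
    if expected_algorithm and alg != expected_algorithm:
        return fail("algorithm mismatch")
    # Constant-time comparison; claims are not trusted until this passes.
    if not hmac.compare_digest(mac_for(alg, secret, f"{head_b64}.{body_b64}"), signature):
        return fail("bad signature")
    for name in ("exp", "nbf"):
        if name in claims and not isinstance(claims[name], (int, float)):
            return fail(f"{name} is not numeric")
    now = time.time() if now is None else now
    if not ignore_expiration and "exp" in claims and now >= claims["exp"] + clock_skew_seconds:
        return fail("token expired")
    if not ignore_not_before and "nbf" in claims and now < claims["nbf"] - clock_skew_seconds:
        return fail("token not yet valid")
    return {"valid": True, "claims": claims}
```

Pinning `expected_algorithm` matters because the `alg` header is chosen by whoever built the token; without the pin, the verifier accepts any of the three HMAC variants the token asks for.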

Response

Modes: json. Cache: not cacheable.