JWT
Decoder & Verifier
Paste a JSON Web Token to see its header, payload, expiry and claims — with optional HMAC / RSA / ECDSA signature verification. All client-side. Nothing leaves your browser.
100% client-side • Secrets & keys stay in your browser • No registration
What is a JWT?
A JSON Web Token is a compact, URL-safe credential made of three base64url-encoded parts separated by dots: a header, a payload, and a signature.
The header and payload are not encrypted — they are plain JSON anyone can read. The signature only proves the token has not been tampered with by a party that holds the key.
This decoder splits the token, pretty-prints the JSON, annotates standard claims (iss, sub, exp…), and optionally verifies the signature with the browser's SubtleCrypto API.
Decode a JSON Web Token
Paste a token — the header, payload and claims decode as you type
Pasted tokens and secrets stay in your browser — nothing is sent to our servers.
Decoded header appears here.
Decoded payload appears here.
Debugging Auth on Real Sites?
Scrappey returns clean HTML, JSON, and full session context from any URL — inspect the tokens your scrapers receive.
Why Use Scrappey's JWT Decoder?
Built for developers debugging auth and reverse-engineering sessions
Live Decoding
Header, payload and claims decode the instant you paste — no Decode button, no roundtrip.
100% Client-Side
Tokens, secrets and keys are processed entirely in your browser with SubtleCrypto. Nothing is uploaded.
Signature Verification
Verify HS256/384/512, RS*, PS*, and ES* signatures locally against a secret or a PEM public key.
Expiry & Age
See exp / iat / nbf rendered as human time, with an expired-N-ago or in-N badge at a glance.
Claim Annotations
Standard claims (iss, sub, aud, jti…) are labelled; custom claims pass through unchanged.
Pretty-Printed JSON
Header and payload are formatted and one click away from your clipboard.
JWT Decoder FAQ
What is a JWT?
A JSON Web Token is a compact, URL-safe token with three base64url parts — header, payload, and signature — used to carry claims between parties, most commonly for authentication and authorisation.
Are JWTs encrypted?
No. A standard signed JWT (JWS) is not encrypted — the header and payload are base64url-encoded plaintext that anyone can decode. The signature only proves integrity and authenticity, not confidentiality. Never put secrets in a JWT payload.
Does this tool send my token anywhere?
No. Decoding and signature verification run entirely in your browser using built-in APIs. Your token, secret, and keys never leave the page.
What's the difference between HS256 and RS256?
HS256 is a symmetric HMAC algorithm — the same secret signs and verifies. RS256 is asymmetric — a private key signs and the corresponding public key verifies, so you can hand out the public key without exposing signing power.
Why does my JWT show "Invalid signature" when I know it is valid?
Usually you pasted the wrong secret or public key, the key format is off (HMAC expects the raw secret, asymmetric expects a PEM SPKI public key), or the token uses an algorithm this tool does not support. Double-check the alg field in the header.
Integrations
n8n
Automate workflows visually. Streamline data collection processes.
n8n Template
Pre-built template for modern websites. Simplifies Scrappey integration.
RapidAPI
Access via API marketplace. Easy integration with comprehensive docs.
Apify
Scalable actor-based automation. Reliable browser rendering.
MCP Server
AI-powered browser automation. Intelligent session management.
Scrappey CLI
Scrape from your terminal. One command, pipeable output, CI-ready.
Claude Code Skill
Portable skill for Claude Code + Codex. Browser-backed data access on demand.
LangChain
LangChain connector — clean web data for any chain or agent.
LlamaIndex
LlamaIndex reader — load modern web pages straight into RAG.
Zapier
Connect with 7,000+ apps. Automate workflows easily.
Make
Visual workflow automation. Connect with 1,000+ apps easily.
Start building with Scrappey
Try It For Free. No Subscription Required. No Credit Card Required. Instant Set-Up. 150 Free Requests Are Waiting For You!
Frequently asked questions
What is Scrappey.com?
Scrappey.com is a web scraping API that handles all the complex aspects of web scraping, such as handling dynamic content, rotating proxies, advanced request handling, headless browsers, and verification processing. It offers an all-in-one solution for extracting publicly available data from websites.
How does Scrappey.com work?
Scrappey.com provides a web scraping API that allows you to send requests to extract publicly available data from websites. It handles dynamic content and modern website complexity, including rotating proxies, advanced request handling, and verification processing. You can easily extract publicly available data from websites using their built-in features like headless browsers and AI-powered data extraction.
Can I customize the proxies used for scraping?
Yes, with Scrappey.com, you have the option to use Sticky Rotating Proxies for seamless scraping. Alternatively, you can also set your own proxies if desired.
Is there a free trial available?
Yes, Scrappey.com offers a free trial where you can try it out without a subscription or credit card. Instant setup is provided, and you get 150 free scrapes to explore the capabilities of the platform.
What happens if a request fails?
We only charge for successful requests. Failed requests are not counted towards your usage, so you only pay for what works.
I need to scroll or click on a button on the page I want to scrape
No problem, you can pass any JavaScript snippet that needs to be executed by using our JavaScript scenario parameter. This allows you to interact with dynamic content, scroll pages, click buttons, wait for elements, and perform any custom JavaScript actions before extracting the data.
What is the pricing structure for Scrappey.com?
Scrappey.com offers simple and transparent pricing: €0.20 per 1,000 direct HTTP requests and €1.00 per 1,000 full-browser requests. Residential proxies are included on both tiers — no separate proxy billing, no hidden fees, no complicated pricing tiers. You only pay for successful requests.
Are there any usage restrictions or limitations?
Scrappey.com provides scalable access for extracting publicly available data. Whether you need to extract data from a few pages or a large dataset of publicly accessible content, you can do so with flexible usage options. Please note that Scrappey.com only supports scraping publicly available data, and users must comply with applicable laws and website terms of service.
What support channels are available?
Scrappey.com provides various support channels for assistance. You can refer to their documentation, frequently asked questions section, blog, and uptime status page. Additionally, you can get in touch with them via email or join their Discord community for further support.
I'm not a developer, can you create custom scraping scripts for me?
We don't create custom scraping scripts, however we will gladly write some code snippets helping you to use our most powerful features: AI-powered data extraction and JavaScript scenario. Our documentation includes examples in multiple programming languages to get you started quickly.
What is a request and how are they counted?
Each API call to Scrappey counts as one request. Our pricing is based on successful requests. By default, JavaScript rendering is enabled, which allows you to extract data from modern websites with dynamic content. All features including proxies, CAPTCHA solving, and advanced web access handling are included in each request.
How fast is Scrappey's API and what if a site is hard to scrape?
Scrappey's API is optimized for fast response time, even when dealing with complex or protected websites. If other scrapers struggle with sites that have advanced security measures, Scrappey is designed to handle these challenges efficiently, ensuring reliable data retrieval. Our advanced web access handling, residential proxies, and intelligent retry logic work together to maximize success rates.