API Response Debugging Workflow
Decode JWT tokens, format JSON payloads, and decode Base64 fields in API responses. A complete debugging workflow for REST and GraphQL APIs.
The Problem
API responses often contain nested JWT tokens, Base64-encoded fields, and deeply nested JSON. Debugging requires switching between multiple tools and manually copying data between them.
Why This Workflow Works
Combining JWT decoding, JSON formatting, and Base64 decoding into a single workflow saves time when debugging authentication issues, inspecting API payloads, and troubleshooting webhook deliveries. Instead of juggling browser tabs, you follow a structured pipeline.
Tool Pipeline
Step-by-Step Workflow
Extract the JWT from the API response
JWT DecoderCopy the Authorization header or token field from your API response. Paste it into the JWT Decoder to see the header, payload, and signature. Check the exp claim to verify the token hasn't expired.
Format the JSON payload
JSON FormatterTake the full API response body and paste it into the JSON Formatter. Use the tree view to navigate deeply nested objects. Look for fields containing Base64-encoded data (usually long strings ending with =).
Decode Base64 fields
Base64 EncoderCopy any Base64-encoded values from the formatted JSON. Paste them into the Base64 Encoder in decode mode to reveal the original data. This is common for email content, file attachments, and encrypted payloads.
Verify and document findings
JSON FormatterCombine your decoded data back into a clean JSON document for your bug report or documentation. Use the JSON Formatter to validate the structure and ensure all fields are correctly typed.
Example Scenario
Debugging a failed OAuth callback
You receive a 401 error on your OAuth callback endpoint. The response includes a JWT id_token and a Base64-encoded state parameter.
{"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwiZXhwIjoxNjE2MjM5MDIyfQ.signature", "state": "eyJyZWRpcmVjdCI6Ii9kYXNoYm9hcmQifQ=="}
JWT payload reveals expired token (exp: 2021-03-20). State decodes to {"redirect": "/dashboard"}. Root cause: token refresh not triggered before callback.
Frequently Asked Questions
How do I debug JWT tokens in API responses?
Use the JWT Decoder to paste the token and instantly see the header (algorithm, type), payload (claims like sub, exp, iat), and verify if the token is expired. Then use the JSON Formatter to inspect the full API response body.
What Base64 fields are commonly found in API responses?
Common Base64-encoded fields include: email attachment content, OAuth state parameters, SAML assertions, webhook payload signatures, and binary file data in JSON APIs. Use the Base64 Encoder in decode mode to reveal the original data.
Can I use these tools for GraphQL API debugging?
Yes. GraphQL responses are JSON, so the JSON Formatter works perfectly. JWT tokens in GraphQL are handled the same way as REST APIs. The workflow is identical regardless of the API protocol.
Related Workflows
Try these tools individually
Each tool runs in your browser with no signup required.