$

Machine Payments Protocol · Tempo

Pay-per-call JWT tools.
No API keys. No signups.

A machine-payable API for decoding, verifying, and cracking JSON Web Tokens. Every request is a 402 Payment Required challenge settled in pathUSD on Tempo. Your agent, your terms, your per-call pricing.

Get started GET /api/pricing Switch to MACHINE 
$ curl -X POST https://mpp.jwtsecrets.com/api/decode-jwt \
    -H 'Content-Type: application/json' \
    -d '{"token":"eyJhbGciOiJIUzI1NiJ9…"}'

HTTP/1.1 402 Payment Required
WWW-Authenticate: MPP
{
  "challenges": [
    { "method": "tempo", "amount": "0.01",
      "currency": "pathUSD",
      "recipient": "0xc34e…58dc0" },
    { "method": "tempo", "note": "card payments are currently disabled" }
  ]
}

Endpoints

POST/api/decode-jwt$0.01

Decode header + payload. No signature check. Instant.

POST/api/verify-jwt$0.02

Verify an HS256 JWT against a secret you provide. Returns {valid: boolean}.

POST/api/crack-jwt$0.10

Dictionary-attack HS256. Supply up to 10,000 candidate secrets. Useful for audits.

GET/api/sessions/decode-jwt$0.001 / call

Pay-as-you-go via a payment channel — off-chain vouchers, no per-call on-chain tx.

GET/api/pricingfree

Machine-readable pricing + recipient wallet.

GET/api/healthfree

Liveness probe.

Quickstart

Any MPP-aware client works. The TypeScript SDK is three lines: 

import { Mppx, tempo } from 'mppx/client'
import { privateKeyToAccount } from 'viem/accounts'

Mppx.create({ methods: [tempo({ account: privateKeyToAccount('0x…') })] })

const res = await fetch('https://mpp.jwtsecrets.com/api/decode-jwt', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ token: 'eyJ…' }),
})
console.log(res.status)                           // 200
console.log(res.headers.get('x-payment-receipt')) // 0x… tx hash

Or just test from the terminal:

$ npx mppx account create
$ npx mppx https://mpp.jwtsecrets.com/api/decode-jwt \
    -X POST -d '{"token":"eyJ…"}'

Use from Claude Desktop, Cursor, or any MCP client

The same tools are exposed as a paid MCP server. Each tools/call triggers a JSON-RPC -32042 payment challenge that a payment-aware MCP client settles automatically. 

// ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "jwtsecrets": {
      "command": "npx",
      "args": ["-y", "jwtsecrets-mcp"]
    }
  }
}

Exposed tools: pricing (free), decode-jwt ($0.01), verify-jwt ($0.02), crack-jwt ($0.10).

Payment methods

Paid endpoints currently accept Tempo pathUSD. Stripe card payments are optional and currently not enabled on this deployment.

Tempo · pathUSD · on-chain receipt
Stripe · optional · currently disabled
Sessions · off-chain vouchers
MCP · JSON-RPC -32042

How it works

  1. Client calls a protected endpoint.
  2. Server returns 402 with an MPP Challenge listing accepted methods and prices.
  3. Client signs a Credential (Tempo tx or Stripe SPT) and retries.
  4. Server verifies on-chain / via Stripe and returns the resource plus a Receipt.

Full spec at paymentauth.org · SDK docs at mpp.dev.