ToolWren logo ToolWren
ToolWren › CoAP

CoAP Message Decoder

Paste a CoAP packet as hex bytes to break it down into its header fields, token, options and payload. Useful for IoT debugging and learning the Constrained Application Protocol (RFC 7252).

100% client-side · nothing is uploaded

Loading tool…

How to use the CoAP

  1. Paste your CoAP message as hexadecimal bytes (spaces and 0x are ignored).
  2. Click Load sample first if you want to see an example decoded.
  3. Read the parsed header, token, options and payload in the panels below.
  4. Fix the hex if you see an error message describing what went wrong.

Privacy: this tool runs entirely in your browser. Your input is never sent to, received by, or stored on any server — there are no uploads and no tracking of what you enter.

About CoAP

What is CoAP?

The Constrained Application Protocol (CoAP) is a lightweight, RESTful protocol defined in RFC 7252 for constrained devices and networks (IoT). It runs over UDP and mirrors HTTP concepts — GET, POST, PUT, DELETE and response codes — with very low overhead.

The CoAP message format

Every message starts with a fixed 4-byte header: a 2-bit Version, 2-bit Type (CON, NON, ACK, RST), 4-bit Token Length, an 8-bit Code (e.g. 0.01=GET, 2.05=Content) and a 16-bit Message ID. The header is followed by the token (0–8 bytes), then options in delta-encoded TLV format, then an optional payload preceded by the 0xFF marker.

Reading options

Options use delta encoding: each option's number is the previous number plus the 4-bit delta nibble. Nibble values 13 and 14 signal one- or two-byte extended fields. This decoder resolves common option numbers (Uri-Path, Content-Format, Observe, etc.) and renders string/uint values where appropriate.

Frequently asked questions

What input format does this accept?
Paste the raw CoAP message as hexadecimal bytes. Spaces, newlines and 0x prefixes are ignored, so 41 01 12 34 and 41011234 both work.
How do I capture CoAP hex?
You can export bytes from Wireshark (right-click the CoAP layer → Copy → as Hex Stream) or print the UDP payload from a library such as aiocoap, libcoap or node-coap.
What does code 0.01 or 2.05 mean?
CoAP codes are written class.detail. Class 0 = request method (0.01 GET, 0.02 POST, 0.03 PUT, 0.04 DELETE). Class 2 = success (2.05 Content), 4 = client error, 5 = server error.
Does it verify DTLS / decrypt secure CoAP?
No. It parses plaintext CoAP structure only. Encrypted CoAPs (DTLS/OSCORE) payloads must be decrypted first.

Related tools

🔑 JWT🔏 JWT Generator📦 CBORAll Tokens →