Skip to main contentSkip to navigation

JWT Decoder

Decode JSON Web Tokens (JWT) to view header, payload, and signature information

Status:
No JWT

JWT Token Input

Length: 0

Header

Payload

About JWT (JSON Web Tokens)

What is a JWT?

JSON Web Token (JWT) is an open standard for securely transmitting information between parties as a JSON object. It consists of three parts: Header, Payload, and Signature.

Security Note

This tool only decodes the JWT for inspection. The signature cannot be verified without the secret key. Never share your JWT tokens publicly.

JWT Decoder - Decode JSON Web Tokens Online

A JWT decoder reveals the header, payload (claims), and signature segment of a JSON Web Token. Use it to inspect tokens from your app, decode Base64URL content, and verify time‑based claims at a glance before wiring up full signature verification in your backend.

What is inside a JWT?

The header identifies alg and typ. The payload includes standard claims (iss, sub, aud, exp, nbf, iat, jti) and your app’s custom fields. The signature binds header and payload. Because header and payload are Base64URL‑encoded, anyone can decode them; only the signature ensures integrity.

How decoding works

Decoding is a local Base64URL operation—no secrets are needed. Paste a token to view JSON for header and payload. Optionally verify by supplying a secret (HMAC) or public key (RSA/ECDSA) and checking computed vs. provided signature, plus validating exp and nbf.

About the JWT Decoder tool

Paste a token to see its structure instantly. Copy decoded JSON for debugging, log analysis, or documentation. Treat tokens as sensitive—avoid sharing real tokens; sanitize or redact secrets and identifiers in public bug reports.

Further reading

Use decoding to understand structure and troubleshoot issues. Always verify tokens in your application with trusted libraries and robust key management.