JWT Decoder
Decode JSON Web Tokens (JWT) online. Inspect the header and payload; decoding runs entirely in your browser.
About JSON Web Tokens
A JWT (JSON Web Token, pronounced "jot") is three base64url-encoded segments separated by
dots: header.payload.signature. The header declares the signing algorithm; the
payload is a JSON object containing claims (subject, expiry, custom data); the signature
proves the token was issued by someone holding the secret or private key. JWTs are the most
common shape of bearer token in modern web auth.
How to use
Paste a JWT into the input and press Decode. The tool splits the token, base64url-decodes the first two segments, parses each as JSON, and shows the header, payload, and signature side-by-side. The signature is shown but not verified — verification requires the issuer's secret key (HS*) or public key (RS*/ES*) which only lives on the server. Treat the decoded payload as untrusted until you have verified the signature elsewhere.
Privacy
Decoding runs entirely in your browser. The token is never uploaded.