JWT Decoder
Decode and inspect the header, payload and signature of any JSON Web Token.
What is a JWT?
A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are widely used for authentication and authorisation in web APIs — your browser receives one after login and sends it with every subsequent request as proof of identity.
JWT Structure
A JWT consists of three base64url-encoded segments separated by dots: header.payload.signature. The header identifies the signing algorithm (e.g. HS256, RS256). The payload contains claims — assertions about the user and token metadata. The signature is used by the server to verify authenticity; this tool does not verify it.
Common Claims
Registered claim names include sub (subject), iss (issuer), aud (audience), exp (expiration), iat (issued at) and nbf (not before). Unix timestamps are displayed as human-readable UTC dates alongside the raw value. An Expired badge appears automatically when the exp claim is in the past.
Privacy
All decoding happens entirely in your browser using the JavaScript atob() function. No token data is ever sent to any server. This makes the tool safe to use with real tokens — though you should still revoke any tokens you suspect may have been compromised.
Related Tools
- JSON Formatter & ValidatorValidate, format and minify JSON — with syntax error highlighting.Open tool
- Regex TesterTest regular expressions live with match and group highlighting.Open tool
- HTML Entity EncoderEncode and decode HTML entities for safe use in markup.Open tool
- HTTP Status CodesReference list of all HTTP status codes with explanations.Open tool