JWT Decoder

Free online JWT decoder. Decode JSON Web Token header and payload instantly. All processing happens locally in your browser for maximum security.

JWT Token
Header
 
Payload
 
      
  
 

How to Use JWT Decoder 
 
 
 
 1 
 
 
Paste Your JWT
 
Copy a JSON Web Token (JWT) and paste it into the input field. A JWT looks like three base64-encoded strings separated by dots: header.payload.signature.
 
 
 
 2 
 
 
Click Decode
 
Click "Decode" to parse the JWT. The header and payload are decoded and displayed in separate panels. The signature is not decoded — it is used for verification only.
 
 
 
 3 
 
 
Review the Contents
 
Examine the header (algorithm and token type) and payload (claims like sub, iat, exp). The data is presented as formatted JSON for easy reading.
 
 
 
 
  
 
Example JWT
 
 
Paste this token to see the decoded header and payload:
 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
 
 
  
 

Frequently Asked Questions

 
 
  What is a JWT?     
 
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and authorization in web applications. A JWT consists of three parts: a header, a payload, and a signature, all Base64-encoded and separated by dots.
 
 
  Is it safe to decode a JWT in a browser?     
 
Yes, decoding a JWT is completely safe. The header and payload are only Base64-encoded — not encrypted. Anyone can decode them. The signature is used to verify that the token hasn't been tampered with, but our tool only decodes the public parts and does not verify signatures.
 
 
  What information is in a JWT payload?     
 
A JWT payload contains claims — statements about the user or entity. Common claims include: sub (subject/user ID), iat (issued at time), exp (expiration time), iss (issuer), and aud (audience). Custom claims can also be included depending on the application.
 
 
  What does the signature part of a JWT do?     
 
The signature verifies that the token was created by a trusted source and hasn't been modified. It is created by signing the header and payload with a secret key or private key. Our tool does not verify signatures — it only decodes the readable parts of the token.
 
 
 
 
  
 
Understanding JWT Structure
 
 
A JWT is composed of three Base64URL-encoded parts separated by dots:
 
The Three Parts
 
     
  • Header — Contains the token type (JWT) and signing algorithm (HS256, RS256, etc.)
    •  
  • Payload — Contains the claims (user data, expiration, issuer, etc.)
    •  
  • Signature — Verifies the token's authenticity and integrity
    •  
 
 
  
 

Related Tools

 
  
 
 
 
                                
 
 
 
Regex Tester
 
Test regular expressions
 
 
 
  
 
 
 
                                     
 
 
 
Diff Checker
 
Compare text differences
 
 
 
  
 
 
 
                                   
 
 
 
SQL Formatter
 
Format SQL queries
 
 
 
  
 
 
 
                                
 
 
 
URL Parser
 
Parse URL components
 
 
 
  
 
  
 
Related Articles
 
 
Guide
JSON Debugging Guide
Fix and prevent common JSON errors.
 
Guide
JSON Debugging Guide
Fix and prevent common JSON errors.