Developer

JWT Decoder

Decode JSON Web Tokens (JWT) instantly to view header, payload, and signature data.

Encoded JWT

Paste a JWT on the left to see the decoded components.

How to decode a JWT

Developers frequently need to inspect the contents of an authentication token during API development and debugging. Our client-side decoder makes this instant and secure.

1Paste the Token: Simply copy your Base64Url encoded JWT (which typically looks like three long strings separated by dots) and paste it into the left input box.
2View the Claims: The token is instantly parsed and split into its three components. The Header and Payload are pretty-printed as syntax-highlighted JSON on the right side.
3Copy the Payload: If you need the raw JSON data, just click the "Copy Payload" button next to the Payload section.

Frequently Asked Questions

What is a JSON Web Token (JWT)?

A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Are my JWTs logged or sent to a server?

No. This tool operates entirely within your browser. The Base64Url parsing and JSON decoding happens locally on your machine. Your tokens are completely safe, private, and never leave your device.

Does this tool verify the signature?

No. Verifying the signature requires the private secret key that the server used to sign the token. This tool only decodes the Base64Url payloads so you can read the public JSON claims inside.

Why is a JWT split into three parts?

A JWT is composed of three parts separated by dots (.): the Header, the Payload, and the Signature. The Header contains the algorithm used, the Payload contains the actual data claims (like user ID), and the Signature ensures the token hasn't been altered.

Security Note

Anyone with access to your JWT can read the payload data just like this tool does. You should never put sensitive data (like passwords or social security numbers) inside the payload of a JWT.

Browse category Back to tools

Discover

Explore More Free Tools

View all tools

Developer

JSON Formatter

Format, validate, and minify JSON payloads instantly in your browser.

JSONFormatterValidator+2

Security

Password Generator

Generate cryptographically secure passwords instantly in your browser.

PasswordGeneratorSecurity+2

Developer

Base64 Encoder / Decoder

Easily encode text to Base64 or decode Base64 back to text with full UTF-8 support.

Base64EncodeDecode+2

View all tools

How to decode a JWT

Developers frequently need to inspect the contents of an authentication token during API development and debugging. Our client-side decoder makes this instant and secure.

1Paste the Token: Simply copy your Base64Url encoded JWT (which typically looks like three long strings separated by dots) and paste it into the left input box.
2View the Claims: The token is instantly parsed and split into its three components. The Header and Payload are pretty-printed as syntax-highlighted JSON on the right side.
3Copy the Payload: If you need the raw JSON data, just click the "Copy Payload" button next to the Payload section.

Frequently Asked Questions

What is a JSON Web Token (JWT)?

Are my JWTs logged or sent to a server?

No. This tool operates entirely within your browser. The Base64Url parsing and JSON decoding happens locally on your machine. Your tokens are completely safe, private, and never leave your device.

Does this tool verify the signature?

No. Verifying the signature requires the private secret key that the server used to sign the token. This tool only decodes the Base64Url payloads so you can read the public JSON claims inside.

Why is a JWT split into three parts?