Developer Tool

Decode & Inspect
JSON Web Tokens

Paste any JWT to instantly decode its header, payload, and signature — entirely in your browser. Nothing leaves your device.

Paste your token

What is a JWT?

A JSON Web Token is a compact, URL-safe means of representing claims between two parties. Tokens are signed — not encrypted — so their contents are always readable. Never store sensitive secrets inside a JWT payload.

Header

Algorithm & Type

The first segment declares the signing algorithm (e.g. HS256, RS256) and token type. Always "typ": "JWT".

Payload

Claims

The second segment contains claims — statements about the entity. Registered claims like sub, iss, exp have defined meanings.

Signature

Integrity

The third segment proves the token has not been tampered with. Verification requires the secret or public key — this tool only decodes, not verifies.

Security

Privacy Note

All decoding happens locally in your browser. No token data is transmitted to any server. Safe to use with production tokens.

Decode & InspectJSON Web Tokens

Registered Claims

What is a JWT?

Decode & Inspect
JSON Web Tokens