JWT Decoder
Paste a JWT to decode the header and payload. Decode only — no signature verification. Runs in your browser.
About JWT
A JWT has three base64url-encoded parts separated by dots: header (algorithm, type), payload (claims like user id or expiration), and signature. This tool decodes the first two parts so you can inspect them. It does not verify the signature — use your server or a crypto library for that when handling authentication.
Frequently Asked Questions
What is a JWT?
JWT (JSON Web Token) is a compact way to send data between parties. It has three parts (header, payload, signature) in base64url, separated by dots. Often used for API authentication and session tokens.
Is it safe to decode my JWT here?
This tool only decodes the header and payload — it does not verify the signature or send the token anywhere. Decoding happens in your browser. Do not paste tokens that contain highly sensitive data if you are on a shared computer.
What is this tool for?
Decoding JWTs is useful for debugging: you can see claims (e.g. expiration, user id) and header (e.g. algorithm) without calling an API. This tool does not verify the signature; use your backend or a dedicated library for verification.