How to use it
- Paste a JWT into the input editor.
- Choose Decode JWT to read its header and payload.
- Review the formatted JSON and copy either section if needed.
- Clear the token and outputs when finished.
Search by tool name or category.
No tools found.
Read the header and payload of a JSON Web Token locally in your browser.
This tool decodes JWTs locally in your browser and does not verify signatures.
A JSON Web Token usually contains a Base64URL-encoded header, payload and signature separated by periods. This tool formats the first two parts as readable JSON.
The browser only decodes Base64URL data and parses JSON. It does not validate the signature, issuer, audience, expiration or trustworthiness of any claim.
The token is processed only in the current page, is not uploaded, is not saved and is not written to the console. Avoid sharing sensitive production tokens unnecessarily.
A token can reveal an algorithm such as HS256 in its header and claims such as sub, aud or exp in its payload, but those decoded values are not proof that the token is valid.