JWT Decoder & Validator

Decode and analyze your JSON Web Tokens (JWT) instantly. View token payload, headers, and signature. Perfect for developers debugging JWT tokens. Need to encode or decode other formats? Try our Base64 converters.

Enter your JWT token here. The decoding will happen automatically as you paste.

Header

 
 
 
 
Payload
  
 
 
 
 
 
Signature
  
 
 
  
 
   
  
 
 
 
 
What is a JWT?
 

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims
          between two parties. It consists of three parts separated by dots (.), which
          are:

 
     
  •  Header: Contains metadata about the token, such as the signing
            algorithm used

    •  
  •  Payload: Contains the claims (data) about the user or other
            entities

    •  
  •  Signature: Used to verify the token hasn't been tampered with

    •  
 
 
 
How to Use This Tool
 
     
  1. Paste your JWT token into the input field
    2.  
  2. The token will be automatically decoded when you paste it
    3.  
  3. Alternatively, click the "Decode JWT" button to decode the token
    4.  
  4. 
View the decoded header, payload, and signature in the output sections

    5.  
 
 
 
Example JWT Token
 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
        
 
 
 
Common JWT Claims
 
Here are some common claims you might find in a JWT payload:
 
     
  • sub (Subject): The subject of the token
    •  
  • iat (Issued At): When the token was issued
    •  
  • exp (Expiration Time): When the token expires
    •  
  • iss (Issuer): Who issued the token
    •  
  • aud (Audience): Who the token is intended for
    •  
 
 
 
Security Note
 

This tool performs client-side decoding only. It does not verify the
          signature of the JWT token. For security-sensitive applications, always
          verify tokens on your server using the appropriate secret key and algorithm.