JWT Decoder
Decode JSON Web Tokens instantly to view their header and payload. Secure, fast, and completely client-side.
What is a JWT?
A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
How do JWTs work?
A JWT consists of three parts separated by dots (.): Header, Payload, and Signature. The Header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used. The Payload contains the claims. Claims are statements about an entity (typically, the user) and additional data. The Signature is used to verify the message wasn't changed along the way.
Is this tool secure?
Yes. This JWT decoder operates 100% within your web browser. When you paste your token, it is decoded locally using JavaScript without ever being sent to a server. We do not store, log, or track the tokens you decode here.