JWT Decoder

📘 How to Use JWT Decoder

Simply paste a JSON Web Token (JWT) into the input field. The tool instantly decodes the header and payload sections, displaying them as formatted JSON. You'll also see the signature part (without verification) and the algorithm used. Use the Copy Header and Copy Payload buttons to copy the decoded JSON, and Clear to reset everything. All processing is done in your browser — no data is sent to any server.

🔐 What is JWT (JSON Web Token)?

JWT is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three parts: Header, Payload, and Signature, each Base64Url-encoded and separated by dots. JWTs are commonly used for authentication, authorization, and information exchange in web applications and APIs.

🧩 JWT Structure Explained

• Header: Contains metadata like the signing algorithm (e.g., HS256, RS256) and token type (JWT).
• Payload: Contains the claims — statements about an entity (user) and additional data. Common claims: `sub` (subject), `name`, `iat` (issued at), `exp` (expiration).
• Signature: Created by hashing the header and payload with a secret or private key, ensuring token integrity and authenticity.

⚙️ Why Decode a JWT?

• Debugging: Inspect the content of tokens issued by authentication systems.
• Learning: Understand how JWTs are structured and what claims they contain.
• Security Auditing: Verify that tokens contain expected claims and no sensitive data exposure.
• API Testing: Quickly view token payloads during development.

📌 Example JWT

⚠️ Security Note

This tool does not verify the signature — it only decodes the token. A valid signature does not guarantee the token's authenticity; you must check the signature separately using the appropriate secret or public key. Never share your JWT secrets or private keys. All decoding happens locally, ensuring your tokens remain private.