JWT Decoder
Paste a JSON Web Token to decode its header and payload. Signatures are never verified server-side — everything runs in your browser.
⚠️
Never paste production tokens or tokens containing sensitive data into any online tool. This tool runs entirely in your browser and sends no data to a server, but it is best practice to use test/sample tokens only.
About JWT
A JSON Web Token (JWT) consists of three Base64URL-encoded parts: a header (algorithm & token type), a payload (claims like user ID, roles, expiry), and a signature. They are widely used for authentication and API authorization.