JWT Decoder
Decode and inspect JSON Web Tokens instantly. View header algorithm, payload claims, expiry time, and signature structure — all client-side, nothing sent to server.
Decode JWT Token
Paste your JWT token below. Tokens are decoded entirely in your browser — your token is never sent anywhere.
What is a JWT (JSON Web Token)?
A JWT is a compact, URL-safe token used to securely transmit information between parties as a JSON object. It is commonly used for authentication and authorization in REST APIs and single-page applications.
JWT Structure
- Header: Algorithm (alg) and token type (typ). Common algorithms: HS256, RS256, ES256
- Payload: Claims — data about the user or entity. Includes standard claims like sub, iat, exp, plus custom claims
- Signature: Computed over the encoded header and payload with a secret key (HS256) or a private key (RS256, ES256). Verifies the token hasn't been modified
Common JWT Claims
- sub — Subject (who the token is about, typically user ID)
- iss — Issuer (who created the token)
- aud — Audience (who the token is intended for)
- exp — Expiration time (Unix timestamp)
- iat — Issued At (Unix timestamp)
- nbf — Not Before (token invalid before this time)
- jti — JWT ID (unique identifier for this token)
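Added example (not this tool's own code): a decode-only inspector that splits a token into the three parts described above, reads alg and typ, and checks exp and nbf against a supplied clock. The function names, the sample token and its issuer URL are constructed for illustration; it relies on the atob, btoa and TextDecoder globals available in browsers and current Node.js.

```javascript
// Added example: decode-only inspection; the signature is NOT verified here.
function b64urlToBytes(segment) {
  // base64url -> base64: swap the URL-safe characters and restore padding.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

function b64urlFromText(text) {
  // Used only to build the constructed sample token below (ASCII input).
  return btoa(text).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function inspectJwt(token, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('expected header.payload.signature');
  }
  const utf8 = new TextDecoder();
  const header = JSON.parse(utf8.decode(b64urlToBytes(parts[0])));
  const payload = JSON.parse(utf8.decode(b64urlToBytes(parts[1])));

  // exp and nbf are Unix timestamps in seconds.
  let timeStatus = 'within validity window';
  if (typeof payload.exp === 'number' && nowSeconds >= payload.exp) {
    timeStatus = 'expired';
  } else if (typeof payload.nbf === 'number' && nowSeconds < payload.nbf) {
    timeStatus = 'not yet valid';
  }
  return {
    alg: header.alg,
    typ: header.typ,
    payload,
    signatureBytes: b64urlToBytes(parts[2]).length,
    timeStatus,
    verified: false, // decoding proves nothing about authenticity
  };
}

// Constructed sample token; the signature is 32 filler bytes, not a real HMAC.
const SAMPLE_TOKEN = [
  b64urlFromText(JSON.stringify({ alg: 'HS256', typ: 'JWT' })),
  b64urlFromText(JSON.stringify({
    sub: 'user-123', iss: 'https://issuer.example',
    iat: 1700000000, nbf: 1700000000, exp: 1700003600,
  })),
  b64urlFromText('x'.repeat(32)),
].join('.');

console.log(inspectJwt(SAMPLE_TOKEN, 1700000100));
```

Anyone holding the token can read the header and payload this way, so a decoded claim should only be trusted after the signature has been verified with the issuer's key.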
Security Warning
Never paste production JWT tokens containing sensitive data into online tools you don't trust. This tool runs entirely in your browser — no data leaves your device. Treat JWTs like passwords.