JWT Decoder

JWT Decoder

Decode and inspect JSON Web Tokens instantly in your browser. View header, payload, claims, expiry, and signature details. Nothing is sent to any server. Free, no login.

🔒 100% private -- all decoding happens in your browser with JavaScript. Your token is never sent to any server.
Try a sample:

Paste your JWT

What is a JWT?

JSON Web Token

A JWT is a compact, URL-safe token with three Base64URL-encoded parts separated by dots: header.payload.signature. Widely used for API authentication and session management.

Structure

Three parts

Header -- algorithm and token type.
Payload -- claims (user data, expiry, issuer).
Signature -- verifies the token hasn't been tampered with.

Security note

Signatures need a secret

This tool decodes (base64) the payload -- it does not verify the signature. Never trust a JWT without verifying its signature server-side using your secret key.

PHP usage

Verifying in PHP

firebase/php-jwt is the standard library.
JWT::decode($token, new Key($secret, 'HS256'))
Always verify before trusting any claims.

Related tools

Password Strength Checker
Test the strength of JWT secrets and API keys
Base64 Encoder / Decoder
JWT parts are Base64URL encoded -- decode them manually
HTTP Header Inspector
Inspect Authorization headers in API responses
Building authentication in PHP?

JWT, OAuth, session security, and password hashing -- covered in our PHP developer ebooks and courses.

Browse ebooks → View courses →