JWT Decoder
Decode a JSON Web Token's header and payload to inspect its claims, entirely in your browser — no secret required.
Examples
Sample token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890","name":"John Doe","iat":1516239022}
FAQ
No. The token is decoded entirely in your browser — it never leaves your device, which matters since a JWT can contain sensitive claims.
No. This tool only decodes the header and payload for inspection. Verifying a signature requires the signing secret or public key, which this tool never asks for.
Since decoding happens locally and nothing is transmitted, it's safe from a network standpoint — but treat any token as sensitive and avoid sharing screenshots of the decoded output.
Related Tools
Guide
Paste a JWT into the input box. The decoded header and payload appear immediately as formatted JSON.