JWT decoder

Decode header and payload. Signature is not verified.

About this tool

Decode JSON Web Tokens to inspect their header and payload. Useful for debugging auth and API integrations. Decoding happens locally.

Features

Decode header and payload
Highlights expiry, issuer and audience
Verifies signature with HMAC secret (optional)
Browser-only

How to use it

Paste a JWT.
Read the decoded header and payload.

🔒 100% private

Everything happens inside your browser using JavaScript and WebAssembly. Your files are never uploaded to a server, never stored, and never seen by us.

Frequently asked questions

Is decoding sensitive?

Decoding doesn't reveal anything secret - JWT payloads are just Base64. Don't paste production tokens into untrusted tools.