JWT Decoder
Decode a JWT to inspect its header and payload claims.
Decoding only — the signature is not verified. Never trust JWT contents without verifying the signature server-side.
Paste a JSON Web Token (JWT) to decode and pretty-print its header and payload. Decoding happens entirely in your browser, so your token is never sent anywhere. Note: the signature is not verified.
How to use the JWT Decoder
- Paste your JWT.
- Read the decoded header and payload.
- Copy the payload if you need it.
Frequently asked questions
Is it safe to paste my JWT here?
Decoding runs locally in your browser and the token is never uploaded. Still, avoid pasting production tokens that contain sensitive data on any website.
Does this verify the JWT signature?
No. It only decodes the contents. Signature verification needs the secret/public key and must be done server-side.