Ctrl + K
Developer

JWT Decoder & Parser

Decode, parse, and inspect JSON Web Tokens (JWT) to examine header claims, payload data, and signature details instantly.

JWT Token
0 chars
Header Payload Signature

JSON Formatter

Format, validate, and beautify JSON documents →

All JWT decoding happens locally in your browser. Your token data is never sent to any server. This tool only decodes — it does not verify signatures or validate cryptographic integrity.

JSON Web Tokens (JWT) are the backbone of modern API authentication and authorization. Whether you are debugging a 401 error, inspecting a session token from a login flow, or learning how OAuth2 works, our free JWT decoder and parser lets you paste any token and instantly see its decoded header, payload claims, and signature — all parsed client-side with zero data leaving your browser.

What Is a JWT?

A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, URL-safe way to transmit claims between parties. A JWT consists of three Base64URL-encoded segments separated by dots: header.payload.signature. The header typically contains the token type and signing algorithm, the payload contains the claims (statements about an entity), and the signature is computed by combining the encoded header and payload with a secret key to verify integrity.

How to Use the JWT Decoder

  1. Paste your token — Enter a complete JWT string (header.payload.signature) into the input textarea.
  2. Review metadata — Algorithm, type, issuance time, and expiration are displayed in summary cards.
  3. Inspect header & payload — Both segments are decoded and pretty-printed as formatted JSON in side-by-side panels.
  4. Copy individual parts — Use the Copy button on each panel to grab the decoded header or payload.
  5. Check the signature — The raw signature segment is displayed at the bottom for verification against known keys.

Key Features

  • Real-Time Decoding

    Header and payload update instantly as you type or paste a token.

  • Claim Summary Cards

    Quick-glance cards for alg, typ, iss, sub, iat, and exp.

  • Formatted JSON Output

    Both header and payload are pretty-printed for easy reading.

  • Individual Copy Buttons

    Copy the decoded header or payload separately to your clipboard.

  • Timestamp Conversion

    Unix epoch timestamps (iat, exp) are converted to human-readable UTC dates.

  • 100% Private

    All parsing is client-side. Tokens are never uploaded anywhere.

Common JWT Claims

  • iss (Issuer) — Identifies the principal that issued the token.
  • sub (Subject) — Identifies the subject of the token (usually a user ID).
  • aud (Audience) — Identifies the recipients the token is intended for.
  • exp (Expiration) — Unix timestamp after which the token is no longer valid.
  • nbf (Not Before) — Unix timestamp before which the token must not be accepted.
  • iat (Issued At) — Unix timestamp identifying when the token was issued.

Frequently Asked Questions

Does this tool verify JWT signatures?
No. This tool only decodes the Base64URL-encoded header and payload. Signature verification requires the signing secret or public key, which we never ask for. Use a server-side library like jsonwebtoken (Node.js) or similar to verify tokens cryptographically.
Is it safe to paste my JWT here?
Yes. All decoding happens entirely in your browser using JavaScript's native atob() and JSON.parse() functions. Your token never touches any server, is not logged, and is not stored.
Why am I seeing invalid JWT errors?
Make sure you paste the complete token including all three segments separated by dots. The token must use standard Base64URL encoding. If your token is a JWE (encrypted) or uses a different format, it will not parse correctly here.
What is the difference between JWT, JWS, and JWE?
JWT (JSON Web Token) is the umbrella concept for claims-based tokens. JWS (JSON Web Signature) is a JWT that is signed — the most common form. JWE (JSON Web Encryption) is a JWT that is encrypted. This tool decodes standard JWS tokens with a recognizable header, payload, and signature.

Related Tools

Base64 Encoder / Decoder

Encode and decode Base64 strings.
JSON Formatter

Format, validate, and beautify JSON.
URL Encoder / Decoder

Encode and decode URL parameters.
Hash Generator

Compute MD5, SHA-1, SHA-256, and SHA-512.