JWT Decoder
Decode a JSON Web Token's header and payload locally — nothing is uploaded. The signature is not verified.
Decode a JSON Web Token to inspect its header and payload, instantly and privately. The token is never sent anywhere.
How to use JWT Decoder
- Paste your JWT.
- The header and payload are decoded and pretty-printed.
- Inspect the claims (issuer, expiry, subject…).
- Copy any part you need.
Frequently asked questions
Does this verify the token's signature?
No. It decodes and displays the header and payload for inspection. Verifying the signature needs the secret or public key and should be done server-side.
Is my token sent to a server?
No. Decoding happens entirely in your browser, so your token and its claims never leave your device, safe for real tokens.
Why is the payload readable without a key?
A JWT's header and payload are only Base64URL-encoded, not encrypted. Anyone can read them; the signature is what proves they were not tampered with.
Related tools