JWT

JWT Decoder

Decode the header and payload of any JSON Web Token. Inspect claims, expiry times, and signing algorithm without sending the token to a server.

Runs in your browser ⚡ REST API available 🧩 Embeddable

Decode Header · Payload · Signature

JWT

Decoded

Header { "alg": "HS256", "typ": "JWT" } Payload { "sub": "1234567890", "name": "Jane Doe", "iat": 1516239022 } Signature SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

What is a JWT?

A JWT (RFC 7519) is three Base64url segments joined with dots: header.payload.signature. The header and payload are JSON; the signature proves the token was issued by someone holding the secret or private key.

This page only decodes. It does not verify the signature or prove that a token is trusted.

How to inspect a JWT safely

Paste a token to view its header, payload, and signature. Check common claims such as iss, sub, aud, iat, and exp.

The decoder runs in your browser, so the token is not sent to our server. For production security decisions, verify the token with the issuer's public key or shared secret.

Use the API

Call the same encoder server-side or from another origin. CORS is open, no auth required for the free tier.

curl "https://encode-decode.org/api/v1/jwt\
?action=decode&input=eyJhbGciOiJIUzI1NiJ9.e30.x"