JWT Decoder

Free online JWT decoder. Paste a JSON Web Token to read its header and payload. Decoding runs entirely in your browser, so the token never leaves the page. This tool decodes only and does not verify signatures.

What is inside a JWT

A JWT has three parts separated by dots: a header naming the algorithm, a payload of claims such as sub, exp, iat, and nbf, and a signature. The header and payload are base64url-encoded JSON, readable but not encrypted.

Decode is not verify

Base64url is an encoding, not encryption, so anyone can read a token. Verifying the signature requires the signing secret or key, which this tool does not handle. Always verify in your backend.