JWT Decoder — Inspect JSON Web Tokens Online (Free)

Paste a JSON Web Token to decode the header, payload, and claims instantly — all client-side, nothing sent anywhere.

Header

Payload

Signature

The signature cannot be verified client-side without the secret key. To verify: use your backend with the shared secret (HS256/384/512) or public key (RS256/ES256).

What is a JWT?

A JSON Web Token is a compact, URL-safe way to represent claims between two parties. Format: header.payload.signature, each Base64url-encoded.

Standard claims

sub (subject), iss (issuer), aud (audience), exp (expires), iat (issued at), nbf (not before), jti (JWT ID).

Common algorithms

HS256/384/512 — HMAC with shared secret. RS256/384/512 — RSA with public/private key. ES256 — ECDSA. Algorithm is in the header.

Security note

Never paste production tokens with sensitive data into online tools. This decoder runs entirely in your browser — no data leaves your machine. But it's still good hygiene.