JWT Tool
Enter a header and payload in JSON format to generate, copy, decode, and verify HS256-signed JWTs directly in your browser.
Generated tokens are displayed instantly and can be copied with a single click.
All processing happens entirely in your browser; nothing is sent anywhere.
Decode a JWT
Enter the secret to verify the signatureJWT Decoder and Verification Tool
JWTs are commonly used for authentication, session handling, and API authorization. This tool decodes the header and payload of a JSON Web Token in your browser so you can inspect claims such as sub, iss, aud, iat, and exp. It also helps you check token structure and review signature-related data during debugging.
When it helps
- Debug login issues: Confirm whether a token contains the expected user ID, issuer, audience, and expiration time.
- Inspect API authorization: Review token claims before sending requests to protected endpoints.
- Check token lifetime: Convert
iatandexpvalues into human-readable times and spot expired tokens.
Security note
JWT payloads are encoded, not encrypted. Anyone with the token can read the header and payload. Avoid pasting production tokens into tools you do not trust, and never share tokens that contain session or authorization data.