JWT Decoder & Encoder
Decode, inspect, and create JSON Web Tokens. Your data is processed in your browser and never sent to a server.
How to Use the JWT Debugger
Decode a JWT Token
Paste your JWT token in the "Encoded Token" field. The tool will automatically decode and display the header and payload sections.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Inspect Token Components
Review the decoded header (algorithm and token type) and payload (claims and data) in the formatted JSON output.
- Header: Contains algorithm (HS256, RS256, etc.) and token type
- Payload: Contains user data, expiration time, issuer, etc.
- Signature: Not verified by the decoder; it cannot be checked client-side without the secret key
Create New JWT Tokens
Use the Encoder section to build new tokens. Provide a header, a payload, and an HMAC secret to generate a signed JWT.
Header: {"alg": "HS256", "typ": "JWT"}
Payload: {"sub": "user123", "exp": 1638360000}
Secret: your-256-bit-secret
Copy Generated Tokens
Once encoded, use the Copy button to copy the complete JWT token for use in your applications or API requests.
Use Case Examples
API Authentication Debugging
Debug JWT tokens used in API authentication to verify claims, expiration times, and user permissions.
{
  "sub": "user123",
  "exp": 1638360000,
  "role": "admin",
  "permissions": ["read", "write"]
}
Token Expiration Monitoring
Check JWT expiration times (exp claim) to ensure tokens are valid and handle renewal appropriately.
{
  "iat": 1516239022,
  "exp": 1516242622,
  "nbf": 1516239022
}
Custom Token Creation
Create JWTs for testing authentication flows, API integration, or custom authentication systems.
{
  "user_id": "abc123",
  "email": "user@example.com",
  "custom_data": {
    "department": "engineering",
    "level": "senior"
  }
}
Frequently Asked Questions
What is a JWT?
JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts: header, payload, and signature.
How does JWT decoding work?
Our tool decodes the base64url-encoded header and payload sections of a JWT. Decoding does not verify the signature, which cannot be checked without the secret key.
Is my JWT data secure?
Yes! All JWT processing happens locally in your browser. Your tokens never leave your device or get transmitted to our servers, ensuring complete privacy.
Can I create new JWTs?
Yes, our encoder allows you to create new JWTs by providing a header, payload, and HMAC secret. The signature is generated client-side, so the secret stays in your browser.
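The difference between decoding and verifying described in the FAQ, as an added example in Node.js (not this tool's own code): decodeJwt only reads the header and payload, while verifyHs256 is the check a server needs before trusting those claims. The secret is the placeholder from the Encoder section; signHs256 and the sample payload are constructed for illustration.

```javascript
const crypto = require('crypto');

// Decode one base64url segment of a JWT into a JSON object.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Decode without verifying: this is all a decoder shows. Claims are untrusted here.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]), parts };
}

// Verify an HS256 token and its time claims. `now` is seconds since the epoch.
function verifyHs256(token, secret, now = Math.floor(Date.now() / 1000)) {
  let decoded;
  try { decoded = decodeJwt(token); } catch (e) { return { ok: false, reason: 'malformed' }; }
  const { header, payload, parts } = decoded;
  // Pin the algorithm: never let the token's own header choose how it is checked.
  if (header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = crypto.createHmac('sha256', secret)
    .update(parts[0] + '.' + parts[1]).digest();
  const given = Buffer.from(parts[2], 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (typeof payload.nbf === 'number' && now < payload.nbf) return { ok: false, reason: 'not yet valid' };
  if (typeof payload.exp === 'number' && now >= payload.exp) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}

// Hypothetical helper, used only to build constructed sample tokens.
function signHs256(payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(payload);
  return input + '.' + crypto.createHmac('sha256', secret).update(input).digest('base64url');
}

// Constructed sample reusing the time claims from the expiration example above.
const SECRET = 'your-256-bit-secret';
const sample = signHs256({ sub: 'user123', iat: 1516239022, nbf: 1516239022, exp: 1516242622 }, SECRET);
console.log(verifyHs256(sample, SECRET, 1516240000)); // inside the validity window
console.log(verifyHs256(sample, SECRET, 1516242622)); // at exp: rejected as expired
```

A token whose payload was edited after signing decodes normally but fails verifyHs256 with "bad signature", which is why decoded claims alone should not drive authorization decisions.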
Related Tools
After debugging your JWT, use our API Testing Suite to test endpoints that require JWT authentication, or validate JWT payloads with our JSON Validator.