JWT Decoder

Developer toolNew

Decode and inspect JSON Web Token headers and payloads.

This tool runs entirely in your browser. Your files never leave your device — nothing is uploaded.

JSON Web Token

Decoded

Paste a token on the left to see its header and payload here.

Step-by-step guideHow to Decode a JWT Token

Frequently asked questions

Is my token uploaded anywhere when I decode it?
No. Every byte of decoding happens locally in your browser using JavaScript, so your JWT never leaves your device and is never sent to a server. That makes it safe to inspect tokens that contain sensitive claims without any privacy risk.
Does this tool verify the JWT signature?
No, it only decodes the header and payload and displays the raw signature segment. Verifying a signature requires the secret or public key used to sign the token, which this in-browser viewer never asks for or sees. Treat the decoded contents as informational, not as proof the token is authentic.
Why does it say my token is invalid?
A valid JWT has exactly three base64url segments joined by dots (header.payload.signature). If you paste a partial token, extra whitespace, or non-JWT text, the decoder reports a friendly error. Make sure you copied the full token and that the header and payload are present.