Developer Tools

JWT Decoder

Decode JWT header and payload claims for debugging.

Last validated: 2026-02-14

JWT Decoder parses JSON Web Tokens into their header and payload so claims can be inspected without writing helper code. A JWT usually has three Base64URL-encoded parts: the header describes the token type and signing algorithm, the payload contains claims such as issuer (`iss`), audience (`aud`), subject (`sub`), and expiration (`exp`), and the signature allows a verifier to detect tampering. Decoding reveals the text inside the token, but it does not prove that the token is trustworthy. Signature verification requires the correct secret or public key and the expected algorithm, issuer, audience, and time rules. Use this tool for debugging and QA, not as an authentication decision engine.

Permalink

Input Pattern

Enter values in the left panel, keep units explicit, run the calculation, then copy or share the result. Invalid fields are highlighted immediately.

JWT Input

Decodes header and payload only. Signature is not verified.

Decoded Output

Signature length: 43

Signature preview: SflKxwRJSMeKKF2QT4fwpMeJ...

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "ToolPatch",
  "iat": 1700000000,
  "exp": 1900000000
}

Registered Claims

Claim	Value	Interpreted
sub	1234567890	-
iat	1700000000	2023-11-14T22:13:20Z
exp	1900000000	2030-03-17T17:46:40Z

How to use this tool

Paste the full JWT string (three dot-separated segments) into the input field.
Run the decoder and inspect header and payload claims in the output.
Verify expected issuer, audience, and expiration values against your auth configuration.

Worked Example

Auto-generated from the tool's current default or entered inputs.

Example Inputs

Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlRvb2xQYXRjaCIsImlhdCI6MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header pretty: { "alg": "HS256", "typ": "JWT" }
Payload pretty: { "sub": "1234567890", "name": "ToolPatch", "iat": 1700000000, "exp": 1900000000 }
Signature preview: SflKxwRJSMeKKF2QT4fwpMeJ
Signature length: 43

Expected Outputs

Signature length: 43
Registered claims 1 value: 1700000000
Registered claims 2 value: 1900000000

Interpretation

Signature length is 43. Use this as a decision input, not as a standalone conclusion.
Registered claims 1 value is 1700000000. Use this as a decision input, not as a standalone conclusion.
Registered claims 2 value is 1900000000. Use this as a decision input, not as a standalone conclusion.
Cross-check the result against one alternate input set to validate sensitivity.

Explore more versions

Tailored guides for specific audiences, regions, and scenarios.

core

Developer security tools

Promote API testing tools, identity providers, and secure token management products.

JWT Decoder

Input Pattern

JWT Input

Decoded Output

Header

Payload

Registered Claims

How to use this tool

Worked Example

Example Inputs

Expected Outputs

Interpretation

Explore more versions

JWT Decoder

JWT Decoder for Germany

JWT Decoder for United Kingdom

JWT Decoder for United States

JWT Decoder for Freelancers

JWT Decoder for Small Business

Developer security tools