JWT Decoder — Token Claim Inspector
Decode JWT (JSON Web Token) headers and payloads locally in your browser. View claims, algorithm info, and signature without sending data to any server.
How to Use JWT Decoder — Token Claim Inspector
What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties. JWTs are commonly used for authentication and authorization in web applications and APIs.
JWT Structure
A JWT consists of three parts separated by dots (.):
header.payload.signature
- Header: Contains token type (JWT) and signing algorithm (HS256, RS256, etc.)
- Payload: Contains claims (user data, permissions, expiration, etc.)
- Signature: Cryptographic signature to verify the token hasn't been tampered with
How to Use This Tool
Decode a JWT Token
- Paste your JWT in the input field (the entire
header.payload.signaturestring) - Click Decode to extract and parse the token
- View the decoded Header JSON (left panel) showing algorithm and token type
- View the decoded Payload JSON (right panel) showing claims like
sub,exp,iat, custom data - View the Signature segment at the bottom (base64url-encoded, not verified)
- Click Copy next to Header or Payload to copy the JSON individually
- Use Clear to reset and decode another token
- Try Sample Token to see a demo JWT
Important Note
⚠️ This tool ONLY decodes tokens locally in your browser. It does NOT:
- Verify signatures (check if the token is authentic)
- Validate expiration (
expclaim) - Check issuer (
iss) or audience (aud) - Send data to any server
For signature verification, use a proper JWT library with access to the secret key or public key.
Common Use Cases
- Debug Authentication: Inspect JWTs from API responses to see user claims
- Check Token Expiration: View
exp(expiration) andiat(issued at) timestamps - Verify Permissions: See roles, scopes, or custom claims embedded in tokens
- API Testing: Decode tokens from OAuth flows, login responses, or bearer tokens
- Learn JWT Structure: Understand how JWTs encode data in base64url format
- Troubleshoot Authorization: Check if expected claims are present in tokens
Common JWT Claims
sub(Subject): User ID or identifieriss(Issuer): Who issued the token (e.g.,auth0.com)aud(Audience): Intended recipient(s) of the tokenexp(Expiration): Unix timestamp when token expiresiat(Issued At): Unix timestamp when token was creatednbf(Not Before): Token is not valid before this timejti(JWT ID): Unique identifier for the token- Custom claims:
email,roles,permissions,name, etc.
Security Reminders
- Never trust decoded data without verification—anyone can create a JWT with any claims
- Signature verification requires the secret key—this tool cannot verify signatures
- JWTs are encoded, NOT encrypted—anyone can decode and read the payload
- Don't store sensitive data in JWTs—payloads are publicly readable
- Always use HTTPS—JWTs in transit should be encrypted at the transport layer
- Validate exp/iat/nbf claims—check token expiration and validity in your backend
Tips
- Copy the decoded JSON to analyze claims in your code editor
- Check the
alg(algorithm) in the header—noneis insecure and should never be used in production - Unix timestamps (
exp,iat) can be converted to human-readable dates using tools ornew Date(exp * 1000) - If you see "Invalid JWT" errors, ensure you copied the entire token including all three segments
Frequently Asked Questions
Most Viewed Tools
Screen Size Converter — Diagonal Dimension Tool
Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.
Use Tool →DPI Calculator — Print Resolution Tool
Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.
Use Tool →TOTP Code Generator — 2FA Testing Tool
Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.
Use Tool →JSONL Formatter — Line-by-Line Validator
Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.
Use Tool →JSON to Zod — Schema Generator
Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.
Use Tool →Password Entropy Calculator — Crack Time Estimator
Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.
Use Tool →TLS Cipher Suite Checker — Strength Analyzer
Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.
Use Tool →Secret Scanner — API Key & Credential Detector
Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.
Use Tool →Related API & Backend Tools
REST Endpoint Documenter — Markdown Doc Generator
Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.
Use Tool →API Latency Budget Calculator — Plan Distributed System Performance
Set a P99 SLO latency target and distribute the budget across your upstream service dependencies. See remaining headroom, utilization percentage, a stacked allocation bar, and a per-service breakdown with optional P99 actual measurements.
Use Tool →API Error Decoder — Fix Suggestion Tool
Decode HTTP status codes and OAuth 2.0 error strings with plain-English descriptions, common causes, and actionable fix suggestions. Covers every HTTP 1xx–5xx status code and all standard OAuth 2.0 error responses. Results appear instantly as you type.
Use Tool →GraphQL Query Formatter — Mutation & Subscription Tool
Format and prettify GraphQL queries, mutations, subscriptions, and fragments with correct indentation.
Use Tool →AMQP Exchange Configuration Simulator — Map Routing Keys and Queue Bindings
Generate RabbitMQ channel declaration code for Node.js (amqplib) and Python (pika). Select an exchange type, configure durability and options, add queue bindings with routing keys, and instantly get production-ready assertExchange and bindQueue calls. Supports all four exchange types: direct, fanout, topic, and headers. Four presets cover the most common RabbitMQ patterns. Free and runs entirely in your browser.
Use Tool →HTTP Headers Generator — Auth & Security Builder
Generate common HTTP request headers for authentication, content-type, caching, and security. Toggle each category, configure values, and copy the output as raw key-value pairs, JSON, fetch(), cURL, or axios.
Use Tool →CORS Header Generator — Cross-Origin Config Tool
Build CORS configuration headers interactively for web servers and APIs. Set allowed origins, methods, request headers, credentials, and preflight cache duration — then copy the generated Access-Control headers or ready-to-paste code snippets for nginx, Express.js, Flask, and .NET.
Use Tool →GraphQL Subscription Builder — Generate WebSocket Payloads and Client Queries
Build GraphQL subscription query strings and generate WebSocket connection code snippets for Apollo Client, urql, and graphql-ws. Define your operation name, variables, and selection fields visually, then copy the ready-to-use code.
Use Tool →Share Your Feedback
Help us improve this tool by sharing your experience