Decode JSON Web Tokens (JWT) quickly to view header and payload information. Great for debugging authentication, inspecting claims, and understanding token structure.
Watch Demo Video
Simple 4-Step Process
Copy Your JWT Token
Get the JWT token from your application, API response, or authentication system. It usually starts with 'eyJ...'
Paste the Token
Paste your JWT token into the text area. The token should be a long string divided into three parts by dots.
Click Decode Button
Click the 'Decode' button to extract and show the header and payload information from your JWT token.
Review Decoded Data
Check the header (algorithm and token type) and payload (claims, expiration, user data) sections.
Understanding JWT Token Structure
A JWT token has three parts separated by dots (.). Each part serves a specific purpose:
Header
Contains metadata about the token
Algorithm (alg), Token Type (typ)
Payload
Contains the claims and user data
User info, Expiration (exp), Issued At (iat), Claims
Signature
Used to verify token authenticity
Not decoded - requires secret key to validate
Common JWT Claims
JWT payloads usually include these standard claims:
issIssuer - Who created the token
subSubject - Who the token is about
audAudience - Who should accept the token
expExpiration - When the token expires
iatIssued At - When the token was created
nbfNot Before - When the token becomes valid
Important Security Notes