JWT Encoder / Decoder
Inspect, verify, and encode JSON Web Tokens. Everything runs in your browser — secrets are never transmitted.
Paste your JWT
Token breakdown
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header Payload Signature
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Claims
- Issued at (iat)
- 1/18/2018, 2:30:22 AM
- Subject (sub)
- 1234567890
Verify signature HMAC only — HS256 / HS384 / HS512
How it works
- 1 Decode: paste any JWT — header and payload are base64url-decoded and displayed as formatted JSON.
- 2 Claims like exp, iat, and nbf are parsed into readable timestamps with a live expiry indicator.
- 3 Verify: enter your HMAC secret to check whether the signature is cryptographically valid.
- 4 Encode: write a JSON payload, choose an algorithm, enter a secret, and generate a signed JWT.
Why use this tool
- ✓ Everything runs in your browser — secrets are never sent anywhere.
- ✓ Colour-coded token parts make structure immediately obvious.
- ✓ Expiry badge shows whether a token is still valid at a glance.
- ✓ Supports HS256, HS384, and HS512 for signing and verification.
Use cases
- → Debugging auth issues in API development.
- → Checking token expiry during QA and staging.
- → Generating test tokens for integration testing.
- → Inspecting third-party tokens to understand their claims.
Related tools
{ } 🔑 🔐 🔗 📤
JSON Formatter
Format and validate the JSON payload inside a JWT.
UUID Generator
Generate UUIDs to use as jti (JWT ID) claims.
Password Generator
Generate strong secrets for signing your JWTs.
URL Slug Generator
Build clean API endpoint paths protected by JWTs.
File Sender
Share JWT-protected API documentation with your team.