JWT Parser
Decode and inspect JWT (JSON Web Token) header, payload and signature. Decode only, no signature verification.
JWT Token0
About This ToolFree online JWT parser. Paste a JWT and see its header (algorithm, type) and payload (claims such as sub, exp, iat) in readable JSON. The signature is shown in Base64URL form. All processing runs in your browser; no token is sent to any server. This tool does not verify signatures—use it for debugging and inspection only.
How to UsePaste your JWT in the input box (with or without the "Bearer " prefix), then click "Decode". The header and payload will be shown as formatted JSON. You can copy each part. If the token is invalid or malformed, an error message will appear.
What is JWT?JWT (JSON Web Token) is a compact, URL-safe way to represent claims between two parties. It is commonly used for authentication and authorization: after a user logs in, the server issues a JWT that the client sends with later requests. The server can verify the token to identify the user without storing session state.JWT StructureA JWT has three parts separated by dots: Header.Payload.Signature. Each part is Base64URL-encoded. The header usually contains the algorithm (e.g. HS256, RS256) and type (JWT). The payload contains claims (e.g. user id, expiration time). The signature is computed from the header and payload with a secret or private key to prevent tampering.Common Claimssub (subject): often the user ID. exp (expiration): Unix timestamp when the token expires. iat (issued at): Unix timestamp when the token was issued. Other custom claims (e.g. roles, email) may be included. This tool shows iat and exp in human-readable time when present.Security NoteThis tool only decodes the token; it does not verify the signature. Anyone can decode a JWT and read the payload—JWTs are not encrypted. Never put sensitive data (e.g. passwords) in the payload. Always verify the signature on the server before trusting a token.