JWT Decoder

Decode and inspect JSON Web Tokens.

How to use

  1. Paste a JWT (it starts with eyJ...) into the input box
  2. Click Decode — the header and payload appear as formatted JSON
  3. Check the expiry badge: Valid or Expired

JWT Structure

A JWT has three Base64url-encoded sections separated by dots: header.payload.signature. The header declares the signing algorithm (alg), the payload holds the claims (sub, exp, iat, custom fields), and the signature lets a verifier confirm the integrity of the header and payload.

Security note

JWTs are not encrypted — the payload is just encoded, not secret. Never store passwords, private keys, or sensitive PII in a JWT payload. The signature only proves the token wasn't tampered with; it doesn't hide the contents.

Common claims: sub (subject/user ID), exp (expiry), iat (issued at), iss (issuer), aud (audience).
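The sketch below is an added example, not this tool's own code: it decodes the header and payload with no key at all, which is exactly why the payload must not hold secrets, and derives the Valid/Expired badge from exp. It assumes Node.js (for Buffer); the names inspectJwt and makeSampleToken and the sample token are constructed for illustration.

```javascript
// Added example: inspect a JWT without verifying it. Anyone holding the
// token can do this, so treat every claim in the payload as public.
function b64urlToJson(segment) {
  // Base64url swaps '+' and '/' for '-' and '_' and drops '=' padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error("expected header.payload.signature");
  }
  const header = b64urlToJson(parts[0]);   // throws on non-JSON input
  const payload = b64urlToJson(parts[1]);
  // exp is seconds since the Unix epoch; the token is usable only before it.
  let status = "No exp claim";
  if (typeof payload.exp === "number") {
    status = payload.exp > nowSeconds ? "Valid" : "Expired";
  }
  return {
    header,
    payload,
    status,                      // expiry only, says nothing about authenticity
    signaturePresent: parts[2].length > 0,
    signatureVerified: false,    // decoding never checks the signature
  };
}

// Constructed sample token: the signature segment is filler, not a real MAC.
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.c2FtcGxlLXNpZw`;
}

const sample = makeSampleToken({ sub: "user-123", iat: 1700000000, exp: 1700003600 });
console.log(inspectJwt(sample, 1700000100));
```

A "Valid" result here means only that exp has not passed; a server must still verify the signature with its key before trusting any claim.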

Use via API

Integrate this tool into your workflow with our free REST API.
