JWT Decoder
Paste a JWT token to decode and inspect its header, payload claims, and expiry. Signature verification requires your secret key — this tool only decodes.
Paste JWT Token
About JWT decoding
A JSON Web Token (JWT) consists of three Base64URL-encoded parts: a header (algorithm and token type), a payload (claims), and a signature. The header and payload are readable by anyone — they are encoded, not encrypted. Only the signature verifies authenticity, and checking it requires the secret or public key.
Common use in QA testing: decoding the token returned from a login endpoint to assert that the correct sub, role, and exp claims are present before using it in downstream test steps.