JWT Decoder
④ API / Debug
What it is: A JWT is the token you often get after logging in — it Base64-encodes user info and an expiry. Decode it to see the contents here.
When to use: When debugging login/auth and you want to see what a token stores and when it expires.
Everything runs locally in your browser — nothing is uploaded.
FAQ
Does this tool verify the signature?
No. Verifying a signature requires the secret key. This tool only decodes (shows what is inside the token); the token is processed entirely in your browser and never uploaded.
Is the information in a JWT secure?
A JWT header and payload are only Base64-encoded, not encrypted — anyone can decode and read them. So never put sensitive plaintext in the payload.