JWT Encoder / Decoder
Encode, decode, inspect & verify JSON Web Tokens — 100% client-side, nothing leaves your browser
JWT Quick Reference
Header
Contains algorithm (alg) and token type (typ). Base64Url encoded.
Payload
Claims: sub, iss, aud, exp, iat, nbf + custom fields. NOT encrypted!
Signature
For HMAC algorithms such as HS256: an HMAC over the encoded header + payload, keyed with the secret. Verifies the token wasn't tampered with.
Expiry (exp)
Unix timestamp. Always set exp on production tokens to limit how long a captured token can be replayed.
Not Encrypted
JWT payload is only Base64Url encoded, not encrypted. Never store secrets in it.
Strong Secrets
Use at least 256-bit random secrets for HS256. Never use short or guessable keys.
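
The quick reference above as working code, added here and not taken from this tool: HS256 signing and verification in Node.js with the algorithm pinned, a constant-time signature comparison, and the exp/nbf checks. The function names, the secret and the claim values are constructed for illustration; a real secret comes from a CSPRNG.

```javascript
// Added example: HS256 sign/verify for Node.js. Secret, claims and timestamps are constructed.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (secret, data) => createHmac('sha256', secret).update(data).digest();

// Token layout: base64url(header) . base64url(payload) . base64url(HMAC)
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: the token's own header must not choose it (rejects "none").
  if (header?.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Time claims are only meaningful once the signature is trusted.
  if (typeof claims?.exp !== 'number' || now >= claims.exp) {
    return { ok: false, reason: 'expired or no exp' };
  }
  if (typeof claims.nbf === 'number' && now < claims.nbf) {
    return { ok: false, reason: 'not yet valid' };
  }
  return { ok: true, claims };
}

// Constructed sample values.
const SECRET = Buffer.alloc(32, 7); // stand-in for 32 random bytes (256 bits)
const NOW = 1700000000;
const token = signHS256({ sub: 'user-1', iat: NOW, exp: NOW + 300 }, SECRET);
```
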