JWT Debugger Online: Decode & Inspect Your Tokens

Working with JSON Web Tokens can be challenging when they are just long, opaque strings. Our free online JWT Debugger makes it simple to decode and inspect any JWT, instantly revealing its header and payload in a clean, human-readable format, right in your browser.

JWT Debugger Online Tool JWT Debugger Online Decode & Inspect Tokens Encoded JWT eyJhbGciOiJIUzI1NiI... eyJzdWIiOiIxMjM0NT... SflKxwRJSMeKKF2Q... Header (Decoded) { "alg": "HS256", "typ": "JWT" } Payload (Decoded) { "sub": "1234567890", "name": "John Doe" }

Live JWT Debugger

Client-Side Only: Your token is processed in your browser and never sent to our servers. Signature is not verified.

...
...

How to Use Our JWT Debugger

Our tool is designed for speed and simplicity. The decoded token is updated automatically as you type.

  1. Paste Your Token: Copy your full JWT string and paste it into the "Encoded Token" text area on the left.
  2. Inspect the Output: The tool will instantly decode the token and display the Header and Payload in the formatted boxes on the right.
  3. Copy the Results: You can easily copy the formatted JSON from the output boxes for use in your notes or code.

Example: Decoding a Sample JWT

Here is what happens when you paste a standard JWT into the debugger.

Before (Encoded JWT):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

After (Decoded Output):

// Header
{
  "alg": "HS256",
  "typ": "JWT"
}

// Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

What is a JSON Web Token (JWT)?

A JSON Web Token (JWT) is a compact, URL-safe standard used to securely transmit information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs are commonly used for authentication and secure information exchange in web applications and APIs.

A JWT consists of three parts separated by dots (.):

  • Header: The first part, typically consisting of the signing algorithm (e.g., HS256) and the token type (JWT). This JSON object is then Base64Url encoded.
  • Payload: The second part, which contains the "claims" or data. Claims are statements about an entity (like a user ID) and any additional data. The payload is also Base64Url encoded.
  • Signature: The third part is used to verify the integrity of the token. It is created by signing the encoded header and payload with a secret key.

Frequently Asked Questions (FAQ)

Q1: Is it safe to paste my JWT into this tool?

Yes, 100%. This is a client-side tool, meaning all decoding happens locally in your web browser using JavaScript. Your JWT is never transmitted to our server or any third party. It is completely private and secure.

Q2: What does "Signature not verified" mean?

Our tool only decodes the Header and Payload, which are Base64Url encoded and publicly readable. Verifying the Signature requires the secret key that was used to create the token. Because this key is secret and private, our client-side tool does not ask for it and therefore cannot perform signature verification. The purpose of this tool is to inspect the contents of the token, not validate its authenticity.

Q3: Why am I getting an "Error decoding token" message?

This error typically occurs if the text you pasted is not a valid JWT. Ensure you have copied the entire, unmodified JWT string, including all three parts separated by dots. The token might be malformed, or it could be an encrypted token (JWE), which this debugger does not support.