← DevTools/
🔑JWT DecoderLIVE
🔒 Decoded entirely in your browser — nothing sent to a server

Paste a JWT

Paste a JWT above — header, payload, and expiry will be decoded instantly

💡 JWTs are not encrypted — anyone can decode the header and payload without a secret. Never put sensitive data (passwords, secrets) in a JWT payload. Only the signature proves the token wasn't tampered with, and only if you verify it.