DevToolKits.app
Token helper

JWT Tool

Enter a header and payload in JSON format to generate, copy, decode, and verify HS256-signed JWTs directly in your browser.
Generated tokens are displayed instantly and can be copied with a single click.

You can also paste an existing JWT to decode it and inspect
the header and payload side by side.
By providing the signing secret, the tool verifies the signature, making it easy to confirm token integrity and validity.

This tool is useful for testing authentication flows, verifying API tokens, and troubleshooting issues during development.
All operations are performed without external libraries or commands, allowing quick experimentation directly in the browser.

All processing happens entirely in your browser; nothing is sent anywhere.

Decode a JWT

Enter the secret to verify the signature
Header 
 
 
 Payload 
 
 
 
 
 
 
  
Guide
How to use & features
  • Paste a JWT to automatically decode its header and payload.
  • Enter the shared secret and click “Verify” to check the signature.
  • To issue a new token, edit the payload, set a secret, and click “Sign.”
  • All operations run locally, so secrets never leave your browser.
 
Samples
Sample input & output
Decode a JWT
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZGV2a2l0cyIsImV4cCI6MTcwNjY0MDAwMH0.v9kpsYy6oF9E9e_t1z23v8GpU0mHP5uP6fMIv1wBtRM
Output
{
  "user": "devkits",
  "exp": 1706640000
}
  
FAQ
Frequently asked questions
Does the tool verify signatures?
No. It decodes the token but does not automatically validate the signature. Verify sensitive tokens in your own trusted environment.
Which algorithms are supported?
Payloads are decoded based on the header, covering common HS/RS algorithms. The decoded header and payload are shown for inspection.
Is it safe to paste sensitive data?
Processing is local to the browser, but avoid pasting secrets on shared machines. Nothing is uploaded to a server.
 
Use cases
Common use cases
  • Inspecting claims
    Decode JWT headers and payloads to confirm exp, aud, and other claims on the spot.
  • Gathering clues for bugs
    Paste problematic tokens to see their values and decide whether the issuer or verifier is at fault.
  • Adjusting tokens for tests
    Edit claims and re-encode to craft tokens with different expirations or scopes for test cases.
Notes
Notes & limitations
  • Work stays in your browser
    Inputs and outputs remain local. Closing the tab or clearing cache will remove any temporary state.
  • Validate critical data
    Results are helper outputs—double-check them before sending to production systems or sharing externally.
  • Large payloads depend on your device
    Very large text or files can feel slow in some browsers. Use a desktop environment for heavy workloads.
   
 
 
 
 
Ad
  
 
 
 
 
 
 
Quick links to other tools
 
Stay within DevToolKits with shortcuts to the most-used utilities across the site.
 
 
DevToolKits.app
 
 
 
 
 Articles  1 items
 
 
  Article Index   
 
 
 Time & date tools  4 items
 
 
  Time Zone Converter   Time Units   UNIX Time   Cron Editor   
 
 
 URL & text  5 items
 
 
  URL Encode   URL Params → JSON   Regex Tester   Text & Code Suite   Markdown Table   
 
 
 JSON & schema  6 items
 
 
  JSON Formatter   JSON → TS Types   JSON → Zod   JSON → OpenAPI   JSON ⇔ YAML   GitHub Actions Visualizer   
 
 
 Encoding & security  5 items
 
 
  Base64 / 58 / 32   JWT Decoder   Hash & HMAC   JWKS Generator   GUID / NanoID   
 
 
 Utilities  4 items
 
 
  Diff Checker   Color Utility   QR Generator   QR Reader   
 
 
 
 
 
 
 
 
 
Ad