DevToolKits.app
Token helper

JWT Tool

Enter a header and payload in JSON format to generate, copy, decode, and verify HS256-signed JWTs directly in your browser.
Generated tokens are displayed instantly and can be copied with a single click.

Guide: How to use & features

  • Paste a JWT to automatically decode its header and payload.
  • Enter the shared secret and click “Verify” to check the signature.
  • To issue a new token, edit the payload, set a secret, and click “Sign.”
  • All operations run locally, so secrets never leave your browser.

Samples: Sample input & output

Decode a JWT

Input

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZGV2a2l0cyIsImV4cCI6MTcwNjY0MDAwMH0.v9kpsYy6oF9E9e_t1z23v8GpU0mHP5uP6fMIv1wBtRM

Output

{
  "user": "devkits",
  "exp": 1706640000
}

FAQ: Frequently asked questions

  • Does the tool verify signatures?

    No. It decodes the token but does not automatically validate the signature. Verify sensitive tokens in your own trusted environment.

  • Which algorithms are supported?

    Payloads are decoded based on the header, covering common HS/RS algorithms. The decoded header and payload are shown for inspection.

  • Is it safe to paste sensitive data?

    Processing is local to the browser, but avoid pasting secrets on shared machines. Nothing is uploaded to a server.

Use cases: Common use cases

  • Inspecting claims

    Decode JWT headers and payloads to confirm exp, aud, and other claims on the spot.

  • Gathering clues for bugs

    Paste problematic tokens to see their values and decide whether the issuer or verifier is at fault.

  • Adjusting tokens for tests

    Edit claims and re-encode to craft tokens with different expirations or scopes for test cases.

Notes: Notes & limitations

  • Work stays in your browser

    Inputs and outputs remain local. Closing the tab or clearing cache will remove any temporary state.

  • Validate critical data

    Results are helper outputs—double-check them before sending to production systems or sharing externally.

  • Large payloads depend on your device

    Very large text or files can feel slow in some browsers. Use a desktop environment for heavy workloads.

All processing happens entirely in your browser; nothing is sent anywhere.


JWT Decoder and Verification Tool

JWTs are commonly used for authentication, session handling, and API authorization. This tool decodes the header and payload of a JSON Web Token in your browser so you can inspect claims such as sub, iss, aud, iat, and exp. It also helps you check token structure and review signature-related data during debugging.

When it helps

  • Debug login issues: Confirm whether a token contains the expected user ID, issuer, audience, and expiration time.
  • Inspect API authorization: Review token claims before sending requests to protected endpoints.
  • Check token lifetime: Convert iat and exp values into human-readable times and spot expired tokens.

Security note

JWT payloads are encoded, not encrypted. Anyone with the token can read the header and payload. Avoid pasting production tokens into tools you do not trust, and never share tokens that contain session or authorization data.
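
The two points above, that decoding needs no secret while an HS256 signature check needs the shared secret, shown as an added Node.js example; it is not the tool's own code. The function names, `DEMO_SECRET` and `demoToken` are constructed for illustration; `PAGE_SAMPLE` is the sample token from this page.

```javascript
// Added example (Node.js), not DevToolKits code: HS256 decode, sign, verify.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const parseSegment = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (secret, input) => createHmac("sha256", secret).update(input).digest();

// Decoding needs no secret: header and payload are only base64url-encoded JSON.
function decodeJwt(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return { header: parseSegment(parts[0]), payload: parseSegment(parts[1]) };
}

// Hypothetical helper that issues a token the way the "Sign" step is described.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const input = head + "." + b64url(JSON.stringify(payload));
  return input + "." + b64url(mac(secret, input));
}

// nowSec is injectable so expiry checks are deterministic in tests.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  let decoded;
  try { decoded = decodeJwt(token); } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm: the token's own header must not choose how it is checked.
  if (decoded.header?.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const [head, body, sig] = String(token).split(".");
  const expected = mac(secret, head + "." + body);
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  // Claims are read only after the signature has checked out.
  const exp = decoded.payload?.exp;
  if (typeof exp === "number" && exp <= nowSec) return { ok: false, reason: "expired" };
  return { ok: true, payload: decoded.payload };
}

// Sample token from this page; its signing secret is not given on the page.
const PAGE_SAMPLE =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZGV2a2l0cyIsImV4cCI6MTcwNjY0MDAwMH0.v9kpsYy6oF9E9e_t1z23v8GpU0mHP5uP6fMIv1wBtRM";
// Constructed secret and token for the verification demo.
const DEMO_SECRET = "constructed-demo-secret";
const demoToken = signHs256({ user: "devkits", exp: 1706640000 }, DEMO_SECRET);
console.log(decodeJwt(PAGE_SAMPLE).payload);
console.log(verifyHs256(demoToken, DEMO_SECRET, 1706639000));
console.log(verifyHs256(demoToken, DEMO_SECRET, 1706640001));
```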
