JWT Decoder

Decode and inspect JWT tokens. The header and payload are Base64URL-encoded JSON — not encrypted — so anyone can read them without a key. The signature is what proves the token hasn't been tampered with, and verifying it requires the secret or public key used to sign it. Learn more at jwt.io.