JWT Encoder/Decoder
Free online JWT decoder tool, generate signed tokens with HMAC
What is a JWT (JSON Web Token)?
A JSON Web Token is a compact, URL-safe way to represent claims between two parties. A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (the claims or data), and Signature (for verification). JWTs are commonly used for authentication and information exchange in web applications.
How to Decode a JWT Token
Paste your JWT token (the long string starting with eyJ...) into the input field. The tool automatically decodes and displays the Header and Payload as formatted JSON. It also shows timing claims like expiration and issued-at dates. No data is sent to any server — decoding happens entirely in your browser.
How to Generate a Signed JWT
Edit the Header and Payload JSON, select an HMAC algorithm (HS256, HS384, or HS512), enter your secret key, and the tool generates a signed JWT. You can set iat to now and adjust exp with preset buttons (+1h, +24h, +7d).
▶Is decoding a JWT secure? Can anyone read it?
▶What is the difference between JWT and JWS?
▶Can I use RSA or ECDSA to sign JWTs?
▶What happens when a JWT expires?
If this tool helped you, consider buying the author a coffee.
Buy Me a Coffee