SecurityBuilt with Hercules

JWT Decoder & Encoder

About JWT Decoder & Encoder

JSON Web Tokens (JWT) are a compact, URL-safe format for transmitting claims between parties. Each token has three parts — a header, a payload, and a signature — separated by dots.

Use this tool to peek inside a JWT during local development or to debug an authentication issue. Pair it with HMAC secrets to verify a signature without leaving the browser.

Frequently asked questions

Is it safe to paste a real JWT here?: Decoding happens entirely in your browser — no token is sent to a server. Even so, treat any JWT issued by a production system as a credential and rotate it if it leaks.
Which signature algorithms are supported?: HS256, HS384, and HS512 for both decoding and signing. RS/ES variants decode-only.
Does this tool verify expiration?: Yes. The decoder highlights expired tokens based on the exp claim and shows nbf and iat claims in human-readable form.

Want a utility like this — but yours?

JWT Decoder & Encoder is a Hercules app. Remix it, change anything, and ship it on your own domain in minutes.

Related utilities

Base64 Encoder & Decoder

Encoding

Convert text to and from Base64.

UUID Generator

Generators

Generate secure, random UUID v4

Hash Generator

Security

Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes.