
JWT Decoder

Decode a JWT token and view its header and payload as formatted JSON.

When to use this tool

Essential for debugging JWT-based authentication flows, inspecting tokens from OAuth providers, verifying token claims and expiration, and understanding the structure of JWTs used in API authentication and authorization.

How to use

Paste a JWT token string into the input field. Click "Process" to decode. The header and payload are displayed as formatted JSON for inspection.



How this works

JWTs (JSON Web Tokens) consist of three Base64url-encoded segments separated by dots: header.payload.signature.

The header identifies the signing algorithm and token type. The payload contains claims about the entity. The signature is verified using the header's algorithm and a secret key.

This tool only decodes — it does not verify the signature. Any valid Base64url-encoded JWT can be decoded regardless of whether the signature is valid.

Examples

Standard JWT

Input

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Output

Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890","name":"John Doe","iat":1516239022}

The decoded result shows both the header (algorithm and type) and the payload (claims).

Edge cases to know

  • JWTs with url-safe Base64 encoding (uses - and _ instead of + and /) are decoded correctly.
  • Decoding does not validate the signature. A token with an invalid signature will still decode successfully.
  • Tokens with extra whitespace are not valid — paste the raw token without line breaks.
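The decode-only behaviour described under "How this works" and the edge cases above, as an added example (not this tool's own source code). It assumes Node.js for `Buffer`; `decodeJwt`, `JWT_SHAPE`, `SAMPLE` and `TAMPERED` are hypothetical names, and the tampered token is constructed from the page's sample.

```javascript
// Added example: decode-only JWT inspection. Nothing here checks the signature.
// Assumes Node.js (Buffer); all names below are hypothetical.

// Three Base64url segments separated by dots. The url-safe alphabet uses
// - and _ ; any whitespace or line break makes the token fail this shape.
const JWT_SHAPE = /^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]*)$/;

function b64urlToString(segment) {
  // Map the url-safe alphabet back to standard Base64 and restore padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function decodeJwt(token) {
  const m = JWT_SHAPE.exec(token);
  if (!m) {
    throw new Error("expected header.payload.signature with no whitespace");
  }
  return {
    header: JSON.parse(b64urlToString(m[1])),
    payload: JSON.parse(b64urlToString(m[2])),
    signature: m[3],  // kept encoded: it is never checked here
    verified: false,  // decoding says nothing about authenticity
  };
}

// Sample token from the Examples section of this page.
const SAMPLE =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
  "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ." +
  "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

// Constructed: the same token with the last signature character changed.
const TAMPERED = SAMPLE.slice(0, -1) + "d";

console.log(decodeJwt(SAMPLE));
// The signature no longer matches, yet the claims decode exactly as before.
console.log(decodeJwt(TAMPERED).payload);
```

Claims read this way are unauthenticated input: an application must verify the signature with its own key before acting on `sub`, `exp` or any other claim.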

Privacy note

This free tool processes input in your browser and never sends tokens to any server. Do not paste production secrets or session tokens unless you are comfortable viewing them in the current browser session.