JWT Decoder / Verifier
Inspect JWT headers and payloads, then verify HS256 signatures securely in your browser.
Tip: decoding is safe; verification requires the secret.
Privacy note: decoding and verification run locally in your browser.
What this JWT decoder does
This tool decodes JWT header and payload data, and can verify HS256 signatures if you provide a secret.
Supported algorithms
Verification supports HS256 (HMAC SHA-256). Tokens using other algorithms can still be decoded for inspection.
Security tips
Avoid sharing production secrets. Use this tool for debugging and testing in safe environments.
How to decode a JWT
Paste a token, optionally add a secret, and verify.
- Paste the JWT into the input box.
- Enter a secret to verify HS256 tokens (optional).
- Review the decoded header and payload.
FAQ
Does this tool upload my token?
No. Everything runs locally in your browser.
Can it verify RS256 tokens?
Currently it verifies HS256 only; RS256 is decode-only.
Is decoding the same as verifying?
No. Decoding only reads the data; verification checks the signature.
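The difference between decoding and verifying, shown as an added example (not this tool's own code) in Node.js using only the built-in crypto module. The function names, demo secret and sample tokens are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Decoding needs no secret: it only base64url-decodes and parses the first two segments.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  return { header, payload, signingInput: `${parts[0]}.${parts[1]}`, signature: parts[2] };
}

// Verification recomputes HMAC-SHA256 over "header.payload" and compares in constant time.
function verifyHs256(token, secret) {
  let jwt;
  try { jwt = decodeJwt(token); } catch { return 'malformed'; }
  // Pin the algorithm: the token's own header must not choose how it is checked.
  if (jwt.header?.alg !== 'HS256') return 'unsupported-alg';
  const expected = crypto.createHmac('sha256', secret).update(jwt.signingInput).digest();
  const given = Buffer.from(jwt.signature, 'base64url');
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok ? 'valid' : 'invalid';
}

// Constructed sample token, signed with a throwaway demo secret.
function signDemo(header, payload, secret) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.createHmac('sha256', secret).update(input).digest('base64url')}`;
}

const DEMO_SECRET = 'demo-secret-not-for-production';
const good = signDemo({ alg: 'HS256', typ: 'JWT' }, { sub: 'alice', role: 'user' }, DEMO_SECRET);

// Payload edited after signing: it still decodes cleanly but no longer verifies.
const [h, p, s] = good.split('.');
const tampered = `${h}.${b64url(JSON.stringify({ sub: 'alice', role: 'admin' }))}.${s}`;

// RS256 header (constructed, placeholder signature): decode-only, as on this page.
const rs256Token = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${p}.${b64url('sig')}`;

console.log(decodeJwt(tampered).payload, verifyHs256(tampered, DEMO_SECRET));
console.log(verifyHs256(good, DEMO_SECRET), verifyHs256(rs256Token, DEMO_SECRET));
```

A payload that decodes without error says nothing about whether the token is authentic; only the "valid" result does.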