Signature Verification
Client-side decoding cannot verify signatures securely without your private key.
What is a JWT (JSON Web Token)?
JWT (RFC 7519) is an open standard for securely transmitting information between parties as a JSON object. It is compact and self-contained, making it ideal for passing authentication data in HTTP headers.
The 3 Parts of a Token
A JWT string consists of three parts separated by dots (.):
- Header: Describes the cryptographic operations (e.g., "alg": "HS256").
- Payload: Contains the claims. This is the data you want to transmit (UserId, Role, Expiration).
- Signature: Encoded hash of the Header and Payload. Ensures the token hasn't been altered.
Security Warning
Do not paste production tokens here!
While this tool runs 100% client-side and does not send your tokens to our server, it is best practice to never paste sensitive production keys (like Stripe API keys or Admin Sessions) into any third-party website.
Common Claims
- iss (Issuer): Who created the token.
- exp (Expiration Time): Timestamp when the token expires.
- sub (Subject): The user ID the token represents.
- iat (Issued At): When the token was created.
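The three parts and the claims above, shown in an added Node.js example (not code from this tool): it splits a token, decodes the header and payload, then verifies an HS256 signature and the exp claim on the server side. The secret, claim values and function names are constructed for illustration.

```javascript
// Added example: decode and verify an HS256 JWT with Node's built-in crypto.
const crypto = require('node:crypto');

const b64urlDecode = (s) => Buffer.from(s, 'base64url');
const b64urlJson = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Build a constructed token so the example runs offline.
function signHS256(payload, secret) {
  const signingInput = `${b64urlJson({ alg: 'HS256', typ: 'JWT' })}.${b64urlJson(payload)}`;
  const sig = crypto.createHmac('sha256', secret).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

// Decoding alone proves nothing: anyone can read or rewrite these two parts.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return {
    header: JSON.parse(b64urlDecode(parts[0]).toString('utf8')),
    payload: JSON.parse(b64urlDecode(parts[1]).toString('utf8')),
    signingInput: `${parts[0]}.${parts[1]}`,
    signature: b64urlDecode(parts[2]),
  };
}

// Verify the signature first, then the time-based claim. `now` is in seconds.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const { header, payload, signingInput, signature } = decodeJwt(token);
  // Pin the algorithm: never let the token's own header choose it.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(signingInput).digest();
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (signature.length !== expected.length ||
      !crypto.timingSafeEqual(signature, expected)) {
    throw new Error('bad signature');
  }
  if (typeof payload.exp !== 'number' || now >= payload.exp) throw new Error('expired');
  return payload;
}

// Constructed sample values (not real credentials).
const SECRET = 'demo-secret-not-for-production';
const sample = signHS256(
  { iss: 'auth.example', sub: 'user-123', iat: 1700000000, exp: 1700003600 }, SECRET);
```
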