JWT Encoder & Decoder | Free Online JWT Conversion Tool

Encode
Decode

JWT(JSON Web Token)

Valid JWT

Sign Key (Optional)

Parsed Header

Parsed Payload

Signature Not Verified.

JWT Structure Visualizer

In its compact form, JSON Web Tokens consist of three parts separated by dots (.)

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

eyJzdWIiOiIx...SflKxwRJSMeK...

Header

Contains metadata about the token including token type and signing algorithm

{ "alg": "HS256", "typ": "JWT" }

Specifies the signing algorithm (HMAC, RSA, ECDSA)
Indicates token type (typically 'JWT')
Base64Url encoded to form first part of JWT

Payload

Contains claims (statements about an entity and additional data)

{
    "sub": "1234567890", 
    "name": "John Doe",
    "admin": true, 
    "iat": 1516239022, 
    "exp": 1516242622
  }

Registered claims: iss (issuer), exp (expiration), sub (subject), aud (audience)
Public claims: Defined in IANA JWT Registry to avoid collisions
Private claims: Custom claims agreed upon by parties using the token

⚠️ Payload data is Base64Url encoded but NOT encrypted. Never store sensitive information here unless the token is encrypted.

Signature

Used to verify the token hasn't been tampered with during transmission

HMACSHA256(
    base64UrlEncode(header) + "." +
    base64UrlEncode(payload),
    secret_key
  )

Ensures message integrity by verifying token content hasn't changed
For tokens signed with private keys, also verifies sender identity
Created by combining encoded header, payload, secret, and algorithm

How to Use JWT Encoder & Decoder

A step-by-step guide to use JWT conversion tool

Choose Conversion Type

Select whether you want to encode a payload to JWT or decode a JWT back to payload.

Enter Your Data

Type or paste the payload or JWT you want to convert into the input field.

Get Results

The converted data will appear in the result field. You can copy it directly to your clipboard using the copy button.

Frequently Asked Questions About JWT

Find answers to common questions about JWT

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

If a JWT is not decoded correctly, it may be due to an invalid signature, incorrect encoding, or an unsupported algorithm. Ensure the JWT is properly formatted and the correct secret or public key is used for verification.

Yes, any valid JSON payload can be encoded into a JWT. However, the payload must be a valid JSON object and should not contain sensitive information unless encrypted.