JWT Decoder
Decode a JWT's header and payload (no verification).
Paste a JSON Web Token to inspect its header and payload. Decoding only — signature is not verified.
What is a JWT Decoder?
A JWT decoder reads a JSON Web Token and reveals its contents — the header and payload — as readable JSON. Fontily's decodes the token entirely in your browser, so you can inspect claims like user ID, roles and expiry without sending it to a server.
Features
- Header and payload decoded to formatted JSON.
- Instant parsing with clear error messages.
- Base64url handling done correctly.
- Private — nothing is uploaded.
- Free with no sign-up.
How to Use the JWT Decoder
- Paste your JSON Web Token into the box.
- The header and payload appear as formatted JSON.
- Inspect the claims — issuer, subject, expiry and more.
- Copy any part you need for debugging.
Benefits
JWTs are everywhere in modern authentication, but they're opaque at a glance. A decoder lets developers debug auth flows, check token expiry and claims, and understand what an API is sending — without writing throwaway code.
Use Cases
- Debugging authentication and SSO flows.
- Inspecting token claims and expiry.
- Learning how JWTs are structured.
- Verifying API token contents.
Conclusion
Fontily's JWT Decoder reveals a token's header and payload as clean JSON, privately in your browser. Paste a JWT above to inspect its claims — free and local. Always verify signatures server-side before trusting a token.
Frequently asked questions
No. It decodes and displays the header and payload only. It does not verify the signature, so never trust a decoded token's claims without server-side verification.