Encode, decode and inspect JWT headers and payloads
JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties. Each JWT consists of three parts: a header (containing the signing algorithm), a payload (containing claims like user ID and expiration), and a signature (verifying the token hasn't been tampered with).
To encode a JWT, you provide a header (typically specifying the algorithm), a payload with your claims, and a secret key. The header and payload are Base64URL-encoded, then signed using the selected algorithm (HS256/384/512 with the Web Crypto API).
Decode mode: Paste a JWT token to inspect the header and payload. The tool highlights each part (header/payload/signature) in different colors inline and validates expiration times.
Encode mode: Choose an algorithm (HS256/384/512 for HMAC), enter your secret key, and edit the header and payload JSON. Click Encode JWT to generate a signed token.