DevTools

JWT Decoder and Debugger

Inspect JWT headers, payloads and signatures, then verify or generate tokens using an HMAC secret locally in your browser.

Processed locally in your browser; data is not uploaded

Features

FAQ

Are JWTs uploaded?

No. Decoding, verification and generation run locally with browser APIs.

Does decoding prove a token is valid?

No. Decoding only reads its contents; verify the signature with the correct secret to confirm integrity.

Related tools