JWT Decoder & Validator
Decode and validate JSON Web Tokens.
How to use our JWT decoder
Our JWT decoder is a simple tool that allows you to decode and verify the signature of a JWT token. To use it, simply paste the JWT token in the input box above. If the token is valid, you will see the decoded header and payload.
If you want to verify the signature of the token, you can enter the secret in the signature input box and click on the verify signature button. If the signature is correct, you will see a green check mark next to the button.
What is JWT
JSON Web Token (JWT) is a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA. You can read more about JWT best practices on Auth0's blog.
JWTs are designed to be compact, URL-safe, and usable across different programming languages. This makes them excellent candidates for data transmission across a wide variety of applications, such as:
- Authentication: Once a user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. This reduces the need for repeated login prompts.
- Information Exchange: JWTs are a good way of securely transmitting information between parties. Because JWTs can be signed, you can be sure the senders are who they say they are. Furthermore, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.
How JWT works
A JWT typically consists of three parts: a header, a payload, and a signature:
- Header: The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA. Example: {"alg": "HS256", "typ": "JWT"}
- Payload: The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically the user) and additional data. Example: {"iat": 1516239022, "exp": 1516239022, "name": "John Doe", "role": "admin"}
- Signature: To create the signature part, you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
These three parts are separated by dots (.) and form the JWT structure: header.payload.signature
The output is three Base64-URL strings separated by dots that can be easily sent via URL, POST parameter, or inside an HTTP header. The client will often store it locally, for example, using local storage. You can read more about JWT on jwt.io.
Note: Do not store sensitive data in the JWT payload or header. Anyone can decode the token and see its contents.
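The signing and verification steps described above, written out as an added example (it is not this tool's own code). It shows that the header and payload can be read without the secret, and that a verifier should pin the algorithm, compare signatures in constant time and check exp. The function names, the secret and the exp value are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(raw):
    # JWT parts are Base64-URL encoded with the '=' padding stripped
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    # Restore the stripped padding before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header, payload, secret):
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    sig = hmac.new(secret, ".".join(parts).encode("ascii"), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def decode_unverified(token):
    # No secret involved: anyone holding the token can read these two parts
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def verify_hs256(token, secret, now=None):
    header_b64, payload_b64, sig_b64 = token.split(".")
    # Pin the algorithm on the verifier side; do not let the token choose it
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison of the recomputed and the presented signature
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload

# Constructed sample values: the secret is made up and exp is set to iat + 3600
SECRET = b"example-secret-not-for-production"
CLAIMS = {"iat": 1516239022, "exp": 1516242622, "name": "John Doe", "role": "admin"}
TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"}, CLAIMS, SECRET)
```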