← Hashito System Home 日本語 Other tools
Input (paste your JWT)
⚠️ This tool does not verify the signature. It only decodes and displays the header and payload; it does not check whether the token is authentic (untampered).
How to use: Paste a JWT into the field above to see the header and payload appear on the right in real time. A JWT consists of three parts separated by dots (.): header, payload, and signature.
Decoded result
Header
Payload
Related tools: Base64 Encode/Decode JSON Formatter/Validator Subnet Calculator
📖 We also offer free learning posters that illustrate how things work. Take a look at the learning posters as well.

Frequently Asked Questions (FAQ)

What is a JWT (JSON Web Token)?

A JWT (JSON Web Token) is a compact token format used for authentication and exchanging information. It consists of three parts separated by dots (.): the header, the payload, and the signature. The header and payload are Base64URL-encoded JSON. This tool decodes the header and payload so you can inspect their contents.

Does this tool verify the signature?

No. This tool does not verify the signature at all. It only Base64URL-decodes and displays the header and payload; it does not check whether the signature is valid (whether the token has been tampered with). Signature verification requires a secret or public key and, for security, should be performed on the server side.

Is the token I paste safe?

Yes. All decoding happens entirely in JavaScript inside your browser. The token you paste is never sent to or stored on a server. Note, however, that JWTs may contain sensitive information, so be careful when using shared devices.

📖 Free learning posters for students →