Online JWT decoder

Use this tool to decode your JSON Web Tokens online and extract the header and payload data

About this tool

This tool allows you to decode your JSON Web Tokens (JWT) and extract the header and payload data. Simply paste your JWT token in the input field on the left and the tool will automatically decode it and display the header and payload data in the right-hand side JSON editors.

About JSON Web Tokens

JSON Web Tokens (JWT) are an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

The token is composed of three parts, separated by dots: the header, the payload, and the signature. Each part is encoded using Base64url, which makes the token compact and URL-safe but provides no confidentiality: anyone who holds the token can decode and read it. The information in the header and payload is not encrypted, but it is signed using a secret key or a public/private key pair. This allows the recipient to verify that the token has not been tampered with.

JWTs are commonly used for authentication and authorization in web applications, APIs, and microservices. They are often used as a replacement for traditional session-based authentication systems because they are stateless, scalable, and secure.

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
Example: { "alg": "HS256", "typ": "JWT" }

The payload contains the claims, which are statements about an entity (typically, the user) and additional data.
Example: { "sub": "1234567890", "name": "John Doe", "admin": true }

Usual claims in the payload are:

  • iss (issuer): The issuer of the token, usually a URL or the name of the service that issued the token.
  • sub (subject): The subject of the token, usually the user ID or a unique identifier for the user.
  • aud (audience): The audience of the token, identifying the recipients for which the token is intended.
  • exp (expiration time): The expiration time of the token, after which it is no longer valid.
  • nbf (not before): The time before which the token is not valid.
  • iat (issued at): The time the token was issued.
  • jti (JWT ID): A unique identifier for the token.

Aside from these standard claims, you can also include custom claims in the payload to store additional information about the user or the token itself.