Use this tool to decode your JSON Web Tokens online and extract the header and payload data
Mockoon is a powerful API mocking tool that makes it easy to create and manage mock APIs for prototyping and testing. With an intuitive interface, you can quickly set up mock servers, customize responses, and simulate scenarios in real-time, enhancing team collaboration and speeding up development.
This tool allows you to decode your JSON Web Tokens (JWT) and extract the header and payload data. Simply paste your JWT token in the input field on the left and the tool will automatically decode it and display the header and payload data in the right-hand side JSON editors.
JSON Web Tokens (JWT) are an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
The token is composed of three parts: the header, the payload, and the signature. The content of a JWT is encoded using Base64 encoding, which makes it readable to humans but still secure. The information in the header and payload is not encrypted, but it is signed using a secret key or a public/private key pair. This allows the recipient to verify that the token has not been tampered with.
JWTs are commonly used for authentication and authorization in web applications, APIs, and microservices. They are often used as a replacement for traditional session-based authentication systems because they are stateless, scalable, and secure.
The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
Example: { 'alg': 'HS256', 'typ': 'JWT' }
The payload contains the claims, which are statements about an entity (typically, the user) and additional data.
Example: { 'sub': '1234567890', 'name': 'John Doe', 'admin': true }
Aside from these standard claims, you can also include custom claims in the payload to store additional information about the user or the token itself.