
JWT guide

How to Decode a JWT Online — Free Tool

JSON Web Tokens (JWTs) carry signed claims between APIs, auth servers, and clients. Decoding lets you read the header and payload and check expiration; verifying the signature is what tells you whether the token can be trusted. XSular Tools runs entirely in your browser: paste a token, inspect the parts, and generate test tokens without sending data to a server.

  1. Paste your JWT into the decoder

    Copy the full token from your Authorization header, browser devtools, or API response. It should look like three Base64url segments separated by dots (header.payload.signature). Paste it into the input area on the tool below.

    What you'll see

    Screenshot: The JWT tool input with a sample token pasted; the header and payload panels below are still empty until processing completes.

  2. Read the decoded header and payload

    The tool splits the token automatically and shows JSON for the header (algorithm, type) and payload (claims such as sub, exp, and iat). Check whether exp is in the past, whether aud and iss match your API, and whether custom claims look correct.

    What you'll see

    Screenshot: Expanded JSON blocks labeled Header and Payload with syntax highlighting; expiration shown as a human-readable date when present.

  3. Verify the signature (optional)

    If you have the HMAC secret or need to validate a test token, enter the secret and choose the algorithm (HS256, HS384, or HS512). A valid signature confirms that the header and payload have not been altered since they were signed with that secret. For production secrets, keep verification local; this tool does not upload your key.

    What you'll see

    Screenshot: Secret field and algorithm chips with a green valid indicator next to the signature section.
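
The same three steps done locally with the Python standard library, as an added example (not XSular Tools' own code). The secret, claims, and function names are constructed for illustration; the verifier pins the expected algorithm itself instead of trusting the token's `alg` header.

```python
import base64, hashlib, hmac, json, time

HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_unverified(token: str):
    """Steps 1-2: split and decode. Nothing here proves authenticity."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, parts

def verify_hs(token: str, secret: bytes, expected_alg: str = "HS256", now=None):
    """Step 3: check the HMAC, then exp. Returns the payload or raises ValueError."""
    header, payload, parts = decode_unverified(token)
    # Pin the algorithm on the verifier side; never let the token choose it.
    if expected_alg not in HMAC_ALGS or header.get("alg") != expected_alg:
        raise ValueError("unexpected alg")
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(secret, signing_input, HMAC_ALGS[expected_alg]).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload

def make_test_token(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Builds a constructed sample token for the demo (not a real credential)."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), HMAC_ALGS[alg]).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

if __name__ == "__main__":
    secret = b"demo-secret-constructed"  # constructed value
    tok = make_test_token({"sub": "user-1", "exp": 1700003600}, secret)
    print(decode_unverified(tok)[:2])
    print(verify_hs(tok, secret, now=1700000100))
```
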

Try it now — free online tool

No signup required. Processing runs in your browser.


When debugging auth flows, combine decoding with our JSON formatter for large claim objects or the Base64 tool if you need to inspect raw segments. Bookmark the full JWT tool page for generator mode when you need fresh test tokens with custom claims and expiry.
