The JWT payload can be read by anyone. Security lies in the signature.

What does each JWT part mean?

Header: algorithm and type. Payload: data/claims. Signature: hash to validate integrity.

Free Online JWT Decoder | DERRICO Dev Tools

Q: What is JWT?

JWT is a standard for securely transmitting information between parties as a JSON object.

+55 61 3046-0200
contato@derrico.tec.br
Brasília DF, Brazil

EN
- Portuguese (PT)
- English (EN)

Work With Us

This tool only decodes the JWT. It does NOT validate the signature.

FAQ

What is JWT?

JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object. It consists of Header, Payload and Signature.

Is JWT secure?

The JWT payload can be read by anyone (it's just Base64). Security lies in the signature, which ensures the token wasn't altered. Never put sensitive data in the payload.

What does each part of the JWT mean?

Header: algorithm and token type. Payload: data/claims (sub, exp, iat, etc). Signature: hash of header + payload + secret, used to validate integrity.

Developer Tools

JWT Decoder

FAQ