JWT Encoder / Decoder

Build, inspect, and verify JSON Web Tokens — entirely in your browser

Header

base64url

base64url

HMAC-SHA256

Only HS256 supported. Secret never leaves your browser.

Fill in the fields to generate a token.

JWT payloads are not encrypted — only base64url encoded. Anyone can read the payload. Only use JWTs to transmit non-sensitive data or over HTTPS.