Updated 2026-07-09
Decode a JWT online to read its header and payload instantly, in your browser. Paste a JSON Web Token and SnapTools splits it into its three parts and pretty-prints the decoded header and claims — and if you paste the secret, it verifies the HS256/384/512 signature so you know the token is authentic. Nothing is uploaded; because a JWT is a credential, decoding happens entirely on your machine.
A JWT's header and payload are only Base64URL-encoded, not encrypted, so anyone can read them — which is exactly why a quick, private decoder is handy for debugging logins, checking a token's expiry, or learning how JWTs are put together. Just remember never to store secrets in a payload.
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMiLCJuYW1lIjoiQWRhIn0.signature
header: { "alg": "HS256", "typ": "JWT" }
payload: { "sub": "123", "name": "Ada", "iat": 1700000000 }
↳ Curious to go deeper? Read the How JWT authentication works guide →
curl -X POST https://snaptools.dev/api/v1/tools/jwt-decoder \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMiLCJuYW1lIjoiQWRhIn0.signature"}'