JWT Validator

Decode, inspect, and validate JSON Web Tokens (JWT) client-side in seconds.

Inspect and Verify JWTs

Paste your JWT to instantly decode its Header and Payload parts. Verify key claims such as Expiration (exp) and Not Before (nbf), and securely test HS256 signature verification client-side.

Your secret is processed strictly client-side to verify HMAC-SHA256 signatures.
Ready to validate.

Understanding JWT Claims

JSON Web Tokens typically store claims in the payload segment:

How to use the validator

  1. Paste the JWT into the text box. It usually has three parts separated by dots, colored or marked accordingly.
  2. Enter the HMAC secret in the secret field if verifying an HS256 signature.
  3. Click Decode & Validate JWT.
  4. Review the decoded header and payload objects, along with the status check summaries.
Advertisement banner for developer tools