This tool allows you to decode and validate JWTs (JSON Web Tokens). Paste your JWT to view its contents and verify its validity.
JWT Token
Header
Decode a token to see the header
Payload
Decode a token to see the payload
Signature
Decode a token to see signature information
JWT Modifier
⚠️ Security Notice: This tool is for educational and testing
purposes only. Use only in controlled environments with proper authorization.
🔑 Secret Key Configuration
Edit Payload
How to Use
1. First decode a JWT token using the "Decode Token" button
2. Enter the secret key used to sign the original token
3. Modify the payload JSON as needed (e.g., change role,
username, permissions)
4. Click "Generate New Token" to create a new signed JWT
5. Use the new token in your requests (Header: Authorization:
Bearer TOKEN)
About JWT (JSON Web Tokens)
JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
A JWT consists of three parts separated by dots:
- Header: Contains the type of the token and the signing algorithm used
- Payload: Contains the claims, which are statements about an entity (typically the user) and additional data
- Signature: Verifies that the sender of the JWT is who it claims to be and ensures that the message wasn't altered
JWTs are commonly used for:
- Authentication: When a user logs in, every subsequent request will include the JWT
- Information exchange: JWTs are a good way to securely transmit information between parties
- Authorization: Once the user is logged in, the JWT allows access to routes, services, and resources permitted with that token