Ctrl+K
Popular searches:
UtilStation

JWT Inspector

v1.0.0

JWT Inspector

Decode, inspect, and verify JSON Web Tokens with signature checks and claim validation.

Warning

This tool is not supported on mobile devices, please use a desktop device for better experience.

JSON Web Token
Structure
Waiting for token
Expiration
Not set
Not Before
Not set
Issued At
Not set
Signature
Add a secret to verify.
Decoded Header
Decoded Payload
Claims & TimestampsNow: 2/11/2026, 11:24:03 PM
Issuer (iss)Subject (sub)
Audience (aud)Token ID (jti)
Expiration (exp)
Not set
Not Before (nbf)
Not set
Issued At (iat)
Not set
Signature VerificationSkipped
Add a secret to verify.HMAC only

  • Generate realistic test data using Faker.js for development, testing, and prototyping. Create fake users, addresses, companies, and more.

  • JSON Data Query
    Similar tool

    Query JSON data using dot notation and array indexing to extract specific values from complex JSON structures.

  • Hash Generator
    Similar tool

    Compute SHA hashes (SHA-1/256/384/512) for text or files with quick copy outputs.

What this tool does

The JWT Inspector decodes JSON Web Tokens in your browser, shows header and payload JSON, and optionally verifies the HMAC signature using a shared secret.

How to use it

  1. Paste a JWT in header.payload.signature format into the token box.
  2. Review the decoded header and payload plus standard claims like iss, aud, exp, and nbf.
  3. Enter the shared secret and choose the HMAC algorithm (HS256/384/512) to verify the signature.

Security tips

  • Never reuse production secrets on untrusted machines. Verification runs locally and no data is sent to a server.
  • Always check audience (aud) and issuer (iss) in addition to signature validity.
  • Ensure tokens include exp and nbf to enforce time boundaries.