JWTStudio

Decode, verify, and create JWT tokens — entirely in your browser.

Tokens and secrets are processed locally and never stored or sent to any server — unlike online JWT sites, there is no backend here at all

JWT token

Payload (JSON)

Only use TEST keys here. Signing happens locally via WebCrypto, but production private keys should never be pasted into any browser tool. The generated keypair's public key appears below so you can verify elsewhere.

Signed token

Signed with WebCrypto in this tab (HMAC, RSA, or ECDSA). The secret never leaves your machine — but only sign with test/dev secrets in any browser tool, including this one.

Header

Payload

Claims explained

ClaimValueMeaning

Signature

Verify HMAC signature (HS256 / HS384 / HS512)

Verified locally with WebCrypto — the secret never leaves this page (like everything else here). RSA/ECDSA tokens show the signature for inspection only; never paste private keys into any web tool.