JWTStudio
Decode, verify, and create JWT tokens — entirely in your browser.
JWT token
Payload (JSON)
Only use TEST keys here. Signing happens locally via WebCrypto, but production private keys should never be pasted into any browser tool. The generated keypair's public key appears below so you can verify elsewhere.
Signed token
Signed with WebCrypto in this tab (HMAC, RSA, or ECDSA). The secret never leaves your machine — but only sign with test/dev secrets in any browser tool, including this one.
Header
Payload
Claims explained
| Claim | Value | Meaning |
|---|
Signature
Verify HMAC signature (HS256 / HS384 / HS512)
Verified locally with WebCrypto — the secret never leaves this page (like everything else here). RSA/ECDSA tokens show the signature for inspection only; never paste private keys into any web tool.