JWTs are compact signed tokens carrying claims — common for API auth and session cookies.
A JSON Web Token has three Base64url-encoded parts: header (algorithm), payload (claims like sub, exp, iss), and signature. Servers verify the signature with a shared secret or public key before trusting claims.
Never paste production JWTs into untrusted sites. Tentaco JWT Decoder parses tokens locally in your browser without sending them to a server.
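An added example (not from the original page and not the Tentaco tool's code): splitting a token into its three parts locally in Node.js, then verifying an HS256 signature and the exp claim before trusting the payload. The secret, claim values and function names are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Decode one Base64url part into a JSON object.
const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Demo helper (constructed): signs a token so the example runs offline.
function signHS256(payload, secret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const input = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  const sig = nodeCrypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `${input}.${sig}`;
}

// Split and decode header and payload. Nothing here is trusted yet:
// anyone can read or rewrite these two parts.
function decodeJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return { header: b64urlJson(parts[0]), payload: b64urlJson(parts[1]), parts };
}

// Verify the signature first, then exp. Returns the payload or throws.
function verifyHS256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { header, payload, parts } = decodeJwt(token);
  // The verifier pins the algorithm; the token's header must not choose it.
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = nodeCrypto
    .createHmac("sha256", secret)
    .update(`${parts[0]}.${parts[1]}`)
    .digest();
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) {
    throw new Error("expired");
  }
  return payload;
}

// Constructed sample token: decoding shows the claims, verification decides trust.
const demo = signHS256(
  { sub: "user-123", iss: "https://issuer.example", exp: 4102444800 },
  "constructed-demo-secret"
);
console.log(decodeJwt(demo).payload, verifyHS256(demo, "constructed-demo-secret").sub);
```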