JWT Decoder
Decode and inspect JSON Web Tokens β view header, payload, and signature instantly. All processing happens in your browser.
Frequently Asked Questions
What is a JWT? +
A JSON Web Token (JWT) is a compact, URL-safe token used to represent claims between two parties. It consists of three base64url-encoded parts: a header, a payload, and a signature β separated by dots.
Can this tool verify a JWT signature? +
No. Signature verification requires knowledge of the secret key or public key and must be done server-side. This tool only decodes the header and payload β it does not validate authenticity or integrity.
Is it safe to paste my JWT here? +
All decoding happens entirely in your browser β no token data is sent to any server. However, as a best practice, avoid pasting production tokens with sensitive payloads into any online tool.
What does the iat and exp claim mean? +
iat (issued at) is a Unix timestamp of when the token was created. exp (expiration) is a Unix timestamp after which the token is no longer valid. This decoder detects and displays the expiry status automatically.
How to Use
- 1
Paste your JWT
Copy the full JWT token (three dot-separated Base64 segments) from your auth headers or storage.
- 2
Inspect the decoded payload
The tool instantly shows the decoded header (algorithm), payload (claims), and raw signature.
- 3
Check expiry and claims
Review the exp, iat, and sub claims. The tool highlights whether the token is expired.
Frequently Asked Questions
- A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three base64url-encoded parts: header, payload, and signature.