JWT Decoder
Decode and inspect JSON Web Tokens — view header, payload, and signature instantly. All processing happens in your browser.
Frequently Asked Questions
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token used to represent claims between two parties. It consists of three base64url-encoded parts: a header, a payload, and a signature — separated by dots.
Can this tool verify a JWT signature?
No. Signature verification requires knowledge of the secret key or public key and must be done server-side. This tool only decodes the header and payload — it does not validate authenticity or integrity.
Is it safe to paste my JWT here?
All decoding happens entirely in your browser — no token data is sent to any server. However, as a best practice, avoid pasting production tokens with sensitive payloads into any online tool.
What do the iat and exp claims mean?
iat (issued at) is a Unix timestamp of when the token was created. exp (expiration) is a Unix timestamp after which the token is no longer valid. This decoder detects and displays the expiry status automatically.
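The steps described in the answers above (split on dots, base64url-decode the header and payload, compare exp with the current time), as an added example that is not this tool's own code. The function names and the sample token are constructed for illustration; the signature is carried along but never checked.

```javascript
// Added example: decode-only JWT inspection. The signature is never verified.

// base64url -> UTF-8 text: restore '+', '/' and '=' padding, then atob().
function b64urlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("not base64url");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Unix seconds -> ISO string, or null when the claim is absent or not numeric.
function claimTime(value) {
  return typeof value === "number" ? new Date(value * 1000).toISOString() : null;
}

// `now` is Unix seconds; it is a parameter so the expiry check can be tested.
function inspectJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected 3 parts, got " + parts.length);
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));
  let expiry = "no exp claim";
  if (typeof payload.exp === "number") {
    expiry = now >= payload.exp ? "expired" : "not expired";
  }
  return {
    header, payload, signature: parts[2],
    issuedAt: claimTime(payload.iat), expiresAt: claimTime(payload.exp),
    expiry, verified: false, // decoding proves nothing about authenticity
  };
}

// Constructed sample token: made-up claims and a placeholder signature.
function encodeSegment(obj) {
  return btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE_TOKEN = [
  encodeSegment({ alg: "HS256", typ: "JWT" }),
  encodeSegment({ sub: "user-123", iat: 1700000000, exp: 1700003600 }),
  "c2lnbmF0dXJl", // base64url of the text "signature", not a real MAC
].join(".");

console.log(inspectJwt(SAMPLE_TOKEN));
```

Because the placeholder signature decodes just as cleanly as a real one would, the result always carries `verified: false`; treat decoded claims as untrusted input until a verifier holding the key has checked the token.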