JWT Decoder

Decode JSON Web Tokens to inspect the header and payload. Shows expiration status and human-readable dates.

Processed in your browser. No data is sent to our servers.

How to Decode a JWT

Paste your JSON Web Token into the input field and the tool instantly decodes the header and payload, displaying them as formatted JSON. Time-based claims — iat (issued at), exp (expiration), and nbf (not before) — are shown as both raw timestamps and human-readable dates. A badge indicates whether the token is currently valid or expired. This is a decoder only; it reads the Base64url-encoded parts of the token but does not verify the cryptographic signature. Never paste tokens into untrusted tools — this one runs entirely in your browser.

Understanding JWT Structure

A JWT consists of three Base64url-encoded parts separated by dots: header, payload, and signature. The header specifies the signing algorithm (HS256, RS256, etc.). The payload contains claims — standardized fields like sub, iss, exp, and any custom data your application includes. The signature ensures the token has not been tampered with, but verifying it requires the secret key or public key, which this tool does not request. Use this decoder for inspection and debugging; for verification, use your backend's JWT library.

Frequently Asked Questions

No. This tool decodes the header and payload only. Signature verification requires the signing key and should be done server-side.

Yes. The decoding runs entirely in your browser. The token is never sent to any server.

No. This tool only handles JWS (signed) tokens. Encrypted tokens require the decryption key.

The decoder works with any JWT regardless of algorithm, since it only reads the Base64url-encoded header and payload.

Related Tools

Timestamp Converter JSON Formatter Base64 Encode URL Encoder