Decode and inspect the header and payload of any JWT token instantly
Developer Tools
JWT Decoder - Decode JSON Web Tokens Online
How to Use
1Paste your JWT token (three dot-separated parts) into the input
2The decoded Header and Payload are shown as formatted JSON
3Check claim values like "exp" (expiry), "iss" (issuer), "sub" (subject)
4Note: this tool does NOT verify the signature
Frequently Asked Questions
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three base64url-encoded parts: Header, Payload, and Signature, separated by dots.
No. This tool only decodes the Header and Payload for inspection. Verifying the signature requires the secret key or public key, which should never be shared. To verify a JWT, use your server-side library.
The "exp" (expiration time) claim is a Unix timestamp (seconds since Jan 1 1970) indicating when the token expires. You can convert it using an epoch converter tool.
The Header and Payload of a JWT are only base64-encoded, not encrypted — anyone with the token can read them. However, for sensitive tokens, all decoding happens in your browser with no data sent to any server.