JWT Decoder
Decode JSON Web Tokens to inspect the header, payload, and signature. Check expiration and claims instantly.
How to Use
Paste your JWT (the long base64 string) into the input box.
Click 'Decode' to parse the token.
View the decoded header (algorithm, type) and payload (claims, expiration).
Timestamps like iat, exp, and nbf are automatically converted to readable dates.
Frequently Asked Questions
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three parts: a header (algorithm info), a payload (the claims/data), and a signature (for verification).
Does this verify the JWT signature?
No. This tool only decodes and displays the token contents. Signature verification requires the secret key or public key, which should never be shared in a browser tool. Use this for inspection and debugging only.
Is my JWT sent to any server?
No. All decoding happens in your browser. Your token never leaves your device. However, never paste production tokens with sensitive data into any online tool — this is for development and debugging only.
What do iat, exp, and nbf mean?
iat = Issued At (when the token was created), exp = Expiration Time (when it expires), nbf = Not Before (token is not valid before this time). All are Unix timestamps.