🔑

JWT Decoder

Free

Paste a JSON Web Token to decode and inspect its header, payload, and claims. Shows expiration time, issued-at date, and all custom claims in a readable format. Decode-only — signature is never verified.

How to Use JWT Decoder

  1. 1

    Paste your complete JWT token (the full string including the two dots that separate header, payload, and signature) into the input field.

  2. 2

    The decoded header and payload are displayed as formatted JSON in separate panels below.

  3. 3

    Check the expiry section — exp and iat timestamps are converted to human-readable dates, and expired tokens are highlighted in red.

  4. 4

    Review all claims in the payload. Note: this tool is decode-only — signature verification is not performed and requires the secret key server-side.

Features

  • Decodes header and payload
  • Shows expiry (exp) and issued-at (iat) as human-readable dates
  • Highlights expired tokens
  • Never sends token to server

Frequently Asked Questions

Does this tool verify the JWT signature?

No. This tool only decodes the payload for inspection. Signature verification requires the secret key and should be done server-side.

Is it safe to paste my JWT here?

This tool runs entirely in your browser — nothing is transmitted to any server. That said, avoid pasting production tokens in any online tool out of good security practice.