JWT decoder
FormattingInspect a JSON Web Token's header and payload.
What this tool helps with
A JSON Web Token is three Base64URL segments — header, payload, signature — joined by dots. This decoder splits and decodes the header and payload so you can read the algorithm, claims, issued-at, and expiry without pulling in a library or pasting the token into an online service that logs it. Decoding happens in your browser; the token is never transmitted, which matters because a JWT is a bearer credential. Note this inspects the token; it does not verify the signature.
Signature is shown for reference — this tool does not verify it.
How to use JWT decoder
- Open the JWT decoder page and paste, type, or generate the jwt input you want to work with.
- Pick the options you need so the tool can inspect a JSON Web Token's header and payload
- Copy the json web token result with one click and use it in your next step — terminal, editor, ticket, or anywhere else you need it.
Common uses
- Reach for JWT decoder when you need to inspect a JSON Web Token's header and payload during debugging, code review, or content preparation.
- Skip installing a desktop jwt app — open this formatting utility on a shared machine, an iPad, or a colleague's laptop and it just works.
- Bookmark or share the page when you and your team keep coming back to the same jwt, json web token, decode, and auth workflow.
FAQ
Does decoding a JWT verify it?
No. Anyone can decode a JWT — the payload is just Base64, not encrypted. Verification means checking the signature against the issuer's key, which requires the secret or public key and is a separate step.
Why is the payload readable? Isn't that insecure?
JWTs are signed, not encrypted, by default. The claims are meant to be readable; the signature only guarantees they weren't altered. Never put secrets in a JWT payload.
How do I read the expiry?
The exp claim is a Unix timestamp in seconds. Convert it with the Unix timestamp tool. If exp is in the past the token is expired regardless of a valid signature.