JWT Decoder
Decode and inspect JSON Web Token (JWT) headers and payloads.
Frequently Asked Questions
What is a JWT?
A JSON Web Token is a compact, URL-safe token format used for authentication and data exchange. It has three parts: header.payload.signature, each Base64url-encoded.
Does this verify the JWT signature?
No. Signature verification requires the secret key, which should never be shared. This tool only decodes the header and payload.
Is it safe to paste my JWT here?
All decoding happens in your browser — your token is never sent to any server. However, avoid pasting live production tokens in any online tool as a general best practice.
What does the exp claim mean?
exp (expiration time) is a Unix timestamp indicating when the token expires. This tool displays it as a human-readable date.