Skip to content

JWT Decoder

Decode JSON Web Tokens to inspect the header and payload instantly in your browser. See claims like expiry and issuer without a server call.

IN: JWT string  ·  OUT: Header & payload JSON  ·  RUNS: 100% in your browser

Frequently asked questions

Does this tool verify the JWT signature?+

No, it only decodes and displays the header and payload. Signature verification requires the secret or public key, which this tool does not request, for your safety.

Is my token sent to a server?+

No. Decoding happens entirely client-side in your browser; your token is never transmitted or logged.

Why shouldn't I paste production tokens into online tools?+

As a general security practice, avoid pasting live production tokens into any third-party site. This tool works fully offline in your browser, but using a local or expired token for testing is still good hygiene.

What does the 'exp' claim mean?+

The exp claim is a Unix timestamp indicating when the token expires. This tool automatically converts it to a readable date for you.