JWT Decoder
Paste a JWT token to inspect its Header, Payload, and Signature structure. Check key claims, expiration time, and algorithm information directly in the browser.
JWT Checkpoints
JWT payloads are decodable, but you should not trust an unverified Payload as-is.
- Header: contains token type and signing algorithm information, such as alg and typ.
- Payload: contains claim information such as user identifier, permissions, and expiration time.
- Signature: used to verify that the token has not been tampered with. This page does not verify it.
Help
What is a JWT Decoder?
A JWT Decoder is a developer utility that splits a JSON Web Token into Header, Payload, and Signature sections and displays the Base64URL-encoded Header and Payload as JSON.
It can be used to inspect login token structure, test API authentication, check expiration times, and review claim values.
How to Use
- Paste the full JWT token string into the input area.
- If auto decode is enabled, the result appears immediately.
- Check the Header, Payload, and Signature sections separately.
- Use Copy Payload, Copy Full Result, or Download JSON when needed.
Is JWT encrypted?
A typical JWT is not encrypted. It is Base64URL-encoded, so the Header and Payload can be decoded by anyone. Do not put sensitive personal data or passwords in a normal JWT.
Does this tool verify the signature?
No. This tool only decodes the Header and Payload. Actual authentication must be performed on the server by verifying the Signature with a secret key or public key.
What are exp, iat, and nbf?
exp means expiration time, iat means issued at, and nbf means not before. These claims are usually stored as Unix timestamps in seconds.
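The difference between decoding and verifying, as an added example (not this tool's own code): a payload edited after signing still decodes cleanly, but server-side HS256 verification rejects it, and exp/nbf are only checked once the signature holds. It assumes Node.js with its built-in crypto module; the secret, claim values, and function names are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (input, secret) => createHmac("sha256", secret).update(input).digest();

// Constructed helper: signs a sample HS256 token so the example runs offline.
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const input = `${header}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// What a decoder does: split and Base64URL-decode. No key involved, so no trust.
// Throws if the token is not three parts or a part is not valid JSON.
function decodeOnly(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not in Header.Payload.Signature format");
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, "base64url").toString("utf8")));
  return { header, payload, signature: parts[2] };
}

// What the server does: pin the expected algorithm, check the HMAC in
// constant time, and only then look at the time claims (Unix seconds).
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const { header, payload, signature } = decodeOnly(token);
  if (header?.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const expected = hmac(token.slice(0, token.lastIndexOf(".")), secret);
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  if (typeof payload?.exp === "number" && nowSec >= payload.exp)
    return { ok: false, reason: "expired" };
  if (typeof payload?.nbf === "number" && nowSec < payload.nbf)
    return { ok: false, reason: "not yet valid" };
  return { ok: true, payload };
}

// Constructed sample values (not real credentials).
const SECRET = "constructed-demo-secret";
const NOW = 1700000000;
const good = signHS256({ sub: "user-1", role: "user", iat: NOW, exp: NOW + 600 }, SECRET);

// Same header and signature, payload edited after signing.
const [headPart, , sigPart] = good.split(".");
const editedClaims = { sub: "user-1", role: "admin", iat: NOW, exp: NOW + 600 };
const edited = `${headPart}.${b64url(JSON.stringify(editedClaims))}.${sigPart}`;

console.log(decodeOnly(edited).payload.role, verifyHS256(edited, SECRET, NOW));
```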
Why does JWT decoding fail?
Decoding may fail if the token is not in Header.Payload.Signature format, the Base64URL value is broken, or the Header/Payload is not valid JSON.
Can I enter a real production token?
It is safer not to enter real production tokens, administrator tokens, session tokens, or values containing API keys. Use a masked or expired sample token for testing.