JWT Decoder
Decode and inspect JWT tokens instantly. Nothing is sent to our servers.
Related tools
Frequently asked questions
What is a JWT token?
JWT (JSON Web Token) is an open standard for securely transmitting information between parties as a JSON object. It consists of three parts: header, payload, and signature, separated by dots.
Is it safe to paste my JWT here?
Yes. JWT tokens are decoded entirely in your browser — nothing is sent to our servers. The token never leaves your device. Additionally, decoding a JWT does not require the secret key and exposes only the public payload.
What does JWT decoding show?
Decoding shows the header (algorithm and token type) and payload (claims like user ID, expiry time, roles). The signature cannot be decoded — it can only be verified with the secret key.
Can this tool verify JWT signatures?
No — signature verification requires the secret key which you should never share. This tool only decodes the header and payload which are base64 encoded and not secret.
What are common JWT claims?
Common claims include: sub (subject/user ID), iat (issued at), exp (expiry), iss (issuer), aud (audience), and nbf (not before). Our decoder highlights expiry status automatically.