JWT Decoder
Decode JWT headers and payloads locally without uploading the token.
Popular in this group
Switch tools without re-entering your text.
Loading tool…
About this tool
JWT Decoder — The JWT Decoder reads a JSON Web Token and shows its header and payload in readable JSON. When the payload contains standard time claims like iat, exp, and nbf, it also prints them as human-readable UTC dates so you can quickly check when a token was issued or expires.
Decoding is not the same as verifying: this tool reveals what a token contains, which is public and Base64URL-encoded, but it does not check the signature, because that would require your secret key. All decoding happens locally in your browser — paste tokens without sending them anywhere.
How to use it
- Paste your JWT into the input box.
- Read the decoded header and payload.
- Check the human-readable issued and expiry times if present.
Frequently Asked Questions
Does this verify the signature?+
No. It only decodes the readable header and payload. Signature verification needs the secret or public key and is intentionally not performed here.
Is it safe to paste a token here?+
Decoding runs entirely in your browser and nothing is uploaded. Still, treat any live token as a credential and avoid sharing it.
Why is the payload readable without a key?+
A JWT payload is only Base64URL-encoded, not encrypted, so anyone can read it. The signature is what protects it from tampering.