Find a tool

JWT Decoder Runs in your browser. No input data is sent to our server.

Paste a JSON Web Token into the editor, decode it instantly, and inspect the header and payload without sending the token to a server. This page is useful for debugging auth flows, API integrations, and token-based tooling.

Decoded JWT

Paste content and run the tool instantly.

This tool runs entirely in your browser, so you can inspect, transform, or generate developer text without sending it to a remote processing service.

Decode JWT Tokens Online

Decode JWT tokens online to inspect the header, payload, timing claims, and signature metadata in your browser. Paste a JSON Web Token and the tool splits it into its three parts — algorithm and type in the header, claims like sub, exp, iat, and any custom data in the payload — without verifying the signature or sending the token to a server.

How to use JWT Decoder

1

Paste content into the jwt input panel.

2

Run the tool to generate the decoded jwt.

3

Copy or download the result once it looks right.

Why this helps in real workflows

Debugging an auth flow where a token is present but the request is still being rejected.

Checking expiry claims (exp, iat, nbf) when a session is expiring sooner than expected.

Inspecting the algorithm field in the header to verify a token is signed correctly.

Reading a JWT payload from an API response without writing decoding code.

Common problems and fixes

The token looks valid but the API keeps returning 401.

Check the 'exp' claim in the payload — it's a Unix timestamp. If it's in the past, the token has expired. Also check 'nbf' (not before) if present.

The payload shows garbled text instead of JSON.

JWTs base64url-encode the payload. This decoder handles the encoding automatically, but if the output looks wrong, the token may be malformed or using a non-standard encoding.

I need to verify the signature, not just read the payload.

This tool only decodes — it does not verify signatures. Use your backend SDK or a tool like jwt.io with your secret key to verify the signature.

Related tools

Developer Tools Hub cURL Converter Markdown Editor & Preview Lorem Ipsum Generator UUID / ULID Generator QR Code Generator SLA Uptime Calculator SLO Error Budget Calculator Hash Generator HMAC Generator Slug Generator Word & Character Counter Case Converter Text Sorter & Deduplicator JSON Diff & Merge JSON Schema Generator BCrypt Hash Generator BCrypt Hash Verifier Diff Checker URL Parser Query String Parser Query String Builder JSON Minifier Unix Timestamp Converter Timezone Converter Date Difference Calculator Time Now Color Code Converter CSS Gradient Generator Number Base Converter

Related Guides

What Is Base64URL and When Is It Used? How Base64URL Appears in JWTs What Is Base64 Encoding Used For?

Frequently asked questions

How do I decode a JWT?

Paste the token into the input box, run the decoder, and inspect the decoded header and payload sections.

Does this JWT decoder verify signatures?

No. It decodes and inspects the token structure locally, but it does not verify the JWT signature. For signature verification you need the secret or public key used to sign the token.

What are the three parts of a JWT?

Header (algorithm and token type), payload (claims like sub, exp, iat, and any custom data), and signature. All three are base64url-encoded and separated by dots.

Is it safe to paste a JWT into a browser tool?

This tool runs entirely in your browser — nothing is sent to a server. That said, avoid pasting production tokens with sensitive claims into any third-party tool as a general practice.

What does 'exp' mean in a JWT payload?

'exp' is the expiration time as a Unix timestamp (seconds since Jan 1 1970). Compare it against the current time to check if the token is still valid.

Is this JWT decoder free?

Yes. It is free to use in your browser.