JWT Decoder
Decode JSON Web Tokens to view their header and payload. No verification performed.
Security note
This tool does not verify signatures or validate token expiry. Decode only.
About this JWT Decoder
Decode JSON Web Tokens to view header and payload. JWTs are base64url-encoded; this tool decodes and pretty-prints the JSON. No verification or signature check—use for inspection and debugging only. All processing in your browser.
Key Features
Decode JWT header and payload
Pretty-print JSON
Show standard claims (exp, iat, sub, etc.)
Copy decoded JSON
Works in your browser
How to Use
Paste a JWT (header.payload.signature)
View decoded header and payload
Check claims and expiry
Copy if needed
Popular Use Cases
Debug auth tokens
Inspect claims and expiry
Understand API or OAuth tokens
Verify token structure
Tips & Best Practices
This tool does not verify the signature. Never trust decoded content for security decisions without verification.
exp = expiry (Unix time), iat = issued at, sub = subject.
Frequently Asked Questions
Does this verify the JWT?
No. The tool only decodes and displays the payload. It does not check the signature or validate the token. Use for inspection and debugging only.
Is my token sent to a server?
No. Decoding runs in your browser. The JWT never leaves your device.
What are common JWT claims?
exp (expiry), iat (issued at), sub (subject), iss (issuer), aud (audience). Many APIs add custom claims.
Related tools
Format and validate JSON data with proper indentation and syntax highlighting.
Write and preview Markdown content with real-time rendering.
Generate unique identifiers (UUIDs) for databases, APIs, and applications.
Test and debug regular expressions with real-time matching and highlighting.
Minify CSS code to reduce file size and improve loading speed.
Minify JavaScript code to reduce file size and improve loading speed.