JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs consist of three Base64-encoded parts separated by dots: header.payload.signature. They are most commonly used for authentication and session management in web applications.

Does this tool verify the JWT signature?

No. This tool only decodes and displays the header and payload — it does not verify the signature. Signature verification requires the secret key or public key, which you should never share publicly.

Is it safe to paste my JWT here?

Decoding happens entirely in your browser — the JWT is never transmitted to any server. However, JWTs containing sensitive claims (user IDs, roles, personal data) should be handled with care. Avoid pasting production tokens from critical systems in any public tool.

What is the exp claim in a JWT?

The exp (expiration time) claim is a Unix timestamp that indicates when the token expires. This tool automatically converts it to a human-readable date and time, and tells you whether the token is still valid or has already expired.

What is the difference between iat and nbf in a JWT?

iat (issued at) is the Unix timestamp when the token was created. nbf (not before) specifies a time before which the token must not be accepted. Both are optional claims.

JWT Decoder

Decode and inspect JWT tokens — header, payload, and expiry — instantly.

JWT Token

Ad Placeholder

About JWT Decoder

Free online JWT (JSON Web Token) decoder. Decode the header and payload of any JWT token without needing the secret key. Inspect all claims including sub, iat, exp, and custom claims. Shows human-readable expiry dates and whether the token has already expired. Entirely browser-based — your token is never transmitted anywhere.

How to Use JWT Decoder

Paste your JWT token (the full string starting with 'eyJ...') into the input field.
The decoded header and payload appear automatically in formatted JSON.
Check the exp claim for the token expiry date — the tool shows whether your token has expired.
Use the raw JSON view to inspect all claims including custom ones.

Frequently Asked Questions

What is a JWT?: JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs consist of three Base64-encoded parts separated by dots: header.payload.signature. They are most commonly used for authentication and session management in web applications.
Does this tool verify the JWT signature?: No. This tool only decodes and displays the header and payload — it does not verify the signature. Signature verification requires the secret key or public key, which you should never share publicly.
Is it safe to paste my JWT here?: Decoding happens entirely in your browser — the JWT is never transmitted to any server. However, JWTs containing sensitive claims (user IDs, roles, personal data) should be handled with care. Avoid pasting production tokens from critical systems in any public tool.
What is the exp claim in a JWT?: The exp (expiration time) claim is a Unix timestamp that indicates when the token expires. This tool automatically converts it to a human-readable date and time, and tells you whether the token is still valid or has already expired.
What is the difference between iat and nbf in a JWT?: iat (issued at) is the Unix timestamp when the token was created. nbf (not before) specifies a time before which the token must not be accepted. Both are optional claims.

Related Tools

🔠

Popular

Base64 Encoder / Decoder

Encode or decode Base64 text instantly in your browser.

⚡ Developer Tools

{ }

Popular

JSON Formatter & Validator

Format, validate, and minify JSON instantly — with syntax error highlighting.

⚡ Developer Tools

#️⃣

Hash Generator

Generate SHA-256, SHA-512, SHA-384, and SHA-1 hashes from any text.

⚡ Developer Tools

JWT Decoder

Decode and inspect JWT tokens — header, payload, and expiry — instantly.

JWT Token

Ad Placeholder

About JWT Decoder

How to Use JWT Decoder

Paste your JWT token (the full string starting with 'eyJ...') into the input field.
The decoded header and payload appear automatically in formatted JSON.
Check the exp claim for the token expiry date — the tool shows whether your token has expired.
Use the raw JSON view to inspect all claims including custom ones.

Frequently Asked Questions

What is a JWT?: JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs consist of three Base64-encoded parts separated by dots: header.payload.signature. They are most commonly used for authentication and session management in web applications.
Does this tool verify the JWT signature?: No. This tool only decodes and displays the header and payload — it does not verify the signature. Signature verification requires the secret key or public key, which you should never share publicly.
Is it safe to paste my JWT here?: Decoding happens entirely in your browser — the JWT is never transmitted to any server. However, JWTs containing sensitive claims (user IDs, roles, personal data) should be handled with care. Avoid pasting production tokens from critical systems in any public tool.
What is the exp claim in a JWT?: The exp (expiration time) claim is a Unix timestamp that indicates when the token expires. This tool automatically converts it to a human-readable date and time, and tells you whether the token is still valid or has already expired.
What is the difference between iat and nbf in a JWT?: iat (issued at) is the Unix timestamp when the token was created. nbf (not before) specifies a time before which the token must not be accepted. Both are optional claims.