JWT Decoder
Decode and inspect JWT token header and payload
Header
{
"alg": "HS256",
"typ": "JWT"
}Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Signature is not verified
Payload
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Issued: 1/18/2018, 1:30:22 AM
JWT Decoder & Inspector
Decode and inspect JSON Web Tokens (JWT) instantly. Paste a JWT to see the decoded header, payload, and expiration — without needing the secret key. Useful for debugging auth flows.
FAQ
What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token format used for authentication. It contains three Base64url-encoded parts: header, payload, and signature.
Can I verify a JWT without the secret?
You can decode the header and payload without the secret. To verify the signature (confirm it hasn't been tampered with), you need the signing key.
Is it safe to paste my JWT here?
This tool decodes entirely in your browser — nothing is transmitted to a server. However, never share JWTs publicly as they grant access to whatever they authorize.
What does 'exp' mean in a JWT payload?
'exp' is the expiration time as a Unix timestamp. If the current time is past exp, the token is expired and should be rejected.
Continue Exploring
Other Developer Tools you might like...
JSON Formatter
Format, validate, and minify JSON data with syntax highlighting
Base64 Encoder/Decoder
Encode text to Base64 and decode Base64 strings
URL Encoder/Decoder
Encode and decode URL components and query strings
UUID Generator
Generate random UUID v4 identifiers
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text
Regex Tester
Test and debug regular expressions with match highlighting
HTML Formatter
Beautify and format HTML code with proper indentation
CSS Minifier
Minify CSS code by removing whitespace and comments