JWT Decoder
Paste a JSON Web Token to read its header and payload instantly — decoded privately in your browser, never uploaded.
How to decode a JWT
- Paste your token. Or try the sample.
- Read the claims. Header and payload appear formatted.
- Check expiry. If the token has an exp claim, we show it.
A note on security
This tool decodes but does not verify a JWT. Anyone can read a token's payload — that's why you should never store secrets in it. Signature verification must happen on your server with the signing key.
Frequently asked questions
What does this JWT decoder do?
It splits a JSON Web Token into its three parts and Base64URL-decodes the header and payload so you can read the claims inside. Decoding happens entirely in your browser.
Does it verify the signature?
No. This tool only decodes the token to show its contents. It does not verify the signature, which requires the secret or public key on your server.
Is my token sent anywhere?
No. Your JWT is decoded locally in your browser and never uploaded — safe for inspecting tokens.
What is inside a JWT?
A header (algorithm and type), a payload (claims like subject, issued-at and expiry) and a signature. This tool shows the header and payload.