JWT Decoder

All tools

Paste a JWT token below to decode the header and payload. Decoding does not verify the signature.

JWT token

Header (JSON)

Payload (JSON)

alg

—

typ

—

exp (UTC)

—

Note: this tool decodes only. It does not validate or verify signatures.

What is a JWT?

JWT (JSON Web Token) is a compact token format used for authentication and authorization.

A JWT usually has three parts: header, payload, and signature. This tool decodes header and payload locally in your browser and does not verify the signature.

How to use the JWT Decoder

Paste a JWT token into the input field.
The tool will decode the header and payload as formatted JSON.
Copy the decoded JSON if you need it for debugging.

Tips

If decoding fails, check that your token has three dot-separated parts.
Claims like exp, iat, and nbf are usually UNIX seconds.
If your token was copied with spaces or line breaks, remove them.
Signature verification requires the secret or public key and is not done here.

Related tools

You may also find these tools useful.

JWT Encoder (HS256)

Generate signed JWT tokens using HS256 (HMAC SHA-256) directly in your browser.

Encoding & Security

›

JWT Debugger

Analyze, validate, and edit JWT tokens online.

Encoding & Security

›

Base64 Encoder / Decoder

Encode and decode Base64 online instantly. Free Base64 converter with no login.

Encoding & Security

›

HMAC Generator

Generate HMAC-SHA-256, SHA-1, and SHA-512 signatures instantly in your browser.

Encoding & Security

›

JWT Decoder FAQ

Does this tool verify the JWT signature?

No. It only decodes the header and payload.

Is my token sent to the server?

No. Decoding happens locally in your browser.

Why do I see an exp field?

exp is the expiration time claim, usually stored as UNIX seconds.

Can I decode an encrypted JWT (JWE)?

This tool is intended for standard signed JWTs (JWS). Encrypted tokens (JWE) require decryption keys.