JWT Decoder
Decode and inspect JSON Web Tokens (JWT)
Instantly decode and inspect JWT (JSON Web Token) headers and payloads without verification. See claims, expiration times, and token structure clearly formatted. Perfect for debugging authentication issues, inspecting API tokens, or understanding JWT contents. Note: This tool decodes tokens locally and never sends them to any server.
⚠️ Privacy Notice: All decoding happens locally in your browser. JWT tokens are never sent to any server.
About JWT
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
A JWT consists of three parts separated by dots (.):
- Header: Contains the token type and signing algorithm
- Payload: Contains the claims (user data and metadata)
- Signature: Used to verify the token hasn't been altered
Common Claims:
- iss (issuer) - Who issued the token
- sub (subject) - Who the token is about
- aud (audience) - Who the token is intended for
- exp (expiration) - When the token expires
- iat (issued at) - When the token was issued
- nbf (not before) - When the token becomes valid
How to Use
- 1 Paste your JWT token (looks like: eyJhbGciOiJIUzI1NiIs...)
- 2 The header and payload are decoded and displayed instantly
- 3 Review token claims, expiration (exp), issued time (iat), and more
- 4 Use for debugging auth issues or understanding token structure
- 5 100% client-side—your tokens are never sent to any server