JWT Decoder
Decode JWT header and payload without your token leaving the page.
Decode only: signatures are not verified. Your token is decoded locally and never leaves this page.
About this tool
Paste a JSON Web Token and this decoder splits it into header and payload, pretty-printed as
JSON. The timestamp claims (iat, exp and nbf) become
readable dates, and a badge shows whether the token has expired.
Decoding a token is usually the first step when debugging a broken login. The token is processed entirely on your device and never transmitted or logged. Keep in mind that decoding is not verification: only the signature, checked server-side with the key, proves a token is authentic.
Frequently asked questions
- Is it safe to paste a real production JWT here?
- Yes. The token is decoded by JavaScript in your browser tab and never leaves the page. It keeps working even with the internet disconnected.
- Does this tool verify the JWT signature?
- No, it decodes only. The header and payload are just Base64Url-encoded JSON; verifying the signature requires the signing key and belongs in your backend.
- What do iat, exp and nbf mean?
- iat is when the token was issued, exp is when it expires, and nbf is the moment before which it must not be accepted. Each is converted to a readable date, and a badge shows whether the token has expired.
Related tools
JSON Formatter 📌 Format, validate and minify JSON with clear error messages. Unix Timestamp Converter 📌 Convert Unix timestamps to dates and back, in seconds or milliseconds. Base64 Encode / Decode 📌 Encode and decode Base64 text or convert files to data URIs. Diff Checker 📌 Compare two texts and highlight changes line by line or word by word.