🔐

JWT Decoder

Decode and inspect JWT tokens. View header, payload, and signature info instantly in your browser.

How to Use

  1. Paste your JWT token into the input field. A valid JWT consists of three dot-separated Base64 sections: header, payload, and signature.
  2. Instantly view the decoded header (algorithm, token type) and payload (claims, expiry, subject) in a structured JSON view with syntax highlighting.
  3. Check the token's expiry status — the tool highlights whether the token is still valid or has expired based on the exp claim.

Frequently Asked Questions

What is JWT?
JWT (JSON Web Token) is a compact, URL-safe way to represent claims between two parties. It's commonly used for authentication and information exchange in web applications.
What do the 3 parts of a JWT mean?
The header contains metadata like the signing algorithm (e.g., HS256). The payload holds the claims (user ID, expiry, issuer). The signature is a cryptographic hash that verifies the token hasn't been tampered with.
Does this tool verify the signature?
No, this tool decodes and displays the header and payload for inspection, but does not cryptographically verify the signature. For full verification you need the secret key or public key, which should never be pasted into an online tool.