JWT Decoder — Decode JSON Web Tokens
Paste any JSON Web Token to decode and inspect its header, payload, and signature. See expiration time, issued at, and all claims in a human-readable format.
* Signature cannot be verified without the secret key.
Guide
How to Use JWT Decoder
Paste JWT
Copy your JWT from your app, API response, or browser storage.
Decode
The token is automatically decoded when pasted, showing header, payload, and signature sections.
Inspect Claims
View all token claims with human-readable dates for timestamp fields.
Frequently Asked Questions
JWT (JSON Web Token) is an open standard for securely transmitting information between parties as a JSON object. It consists of three parts: Header (algorithm), Payload (claims), and Signature, separated by dots.
Decoding (not verifying) a JWT only reads the Base64URL encoded data — no secret key is involved. However, never paste JWTs containing sensitive production credentials in any online tool.
The payload contains claims — statements about the user and additional metadata. Common claims include: sub (subject/user ID), exp (expiration), iat (issued at), and custom application claims.
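This tool decodes (reads) JWTs without verifying the signature. To verify, you need the secret key used to sign the token (for HMAC algorithms) or the public key that matches the private signing key (for asymmetric algorithms), and verification should only be done on your own server.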
The "exp" (expiration) claim contains a Unix timestamp after which the token is no longer valid. Our decoder shows this as a human-readable date and tells you if the token is expired.
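The decoding and expiry check described above can be run locally in Node.js, so a token never has to leave your machine. This is an added example, not this tool's own code; the names `decodeSegment` and `inspectJwt` and the sample token are constructed for illustration.

```javascript
// Base64URL-encode a JSON object; used only to build the constructed sample.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed sample token. The third segment is a placeholder, because
// decoding never looks at the signature.
const SAMPLE_JWT = [
  b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ sub: "user-123", iat: 1700000000, exp: 1700003600 }),
  "constructed-signature",
].join(".");

// Decode one Base64URL segment (header or payload) into a JSON value.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error("segment is not Base64URL");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
}

// Read header and payload and evaluate exp against nowSeconds.
// Nothing here verifies the signature, so the claims are untrusted input.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error("expected header.payload.signature");
  }
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  const toIso = (t) =>
    Number.isFinite(t) ? new Date(t * 1000).toISOString() : null;
  const hasExp = Number.isFinite(payload.exp);
  return {
    header,
    payload,
    issuedAt: toIso(payload.iat),
    expiresAt: toIso(payload.exp),
    expired: hasExp ? nowSeconds >= payload.exp : null, // null: no exp claim
    signatureVerified: false,
  };
}

console.log(inspectJwt(SAMPLE_JWT));
```

The `signatureVerified: false` field is a reminder that decoded claims must not drive authorization decisions until the signature has been checked server-side.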