JWT Decoder

Decode a JWT in the browser and display the Header, Payload, and Signature in a readable way. Nothing is sent to a server; everything runs locally.

Browser-only

How to read a JWT

Use the JWT Decoder to inspect a token's header, payload, signature, standard claims, and expiry status. It is for inspection, not signature verification.

Inspection example

header.payload.signature

Paste a JWT and inspect what it contains

Bearer prefixes, spaces, and line breaks are removed automatically. This tool does not verify signatures.

The JWT you enter is not sent to a server. All processing happens in your browser, but please be careful with production access tokens and other sensitive data.

Decoded result

Header / Payload / Signature are shown separately, with standard claims and expiry status added as helpers.

JWT basics

JWT stands for JSON Web Token. It is a token format used to exchange JSON data in a compact way, often for login state, API auth, and user information transfer.

JWT structure

A JWT consists of three parts: Header, Payload, and Signature, separated by dots.

header.payload.signature

Header

The Header contains metadata about the token type and signing algorithm. Common fields include alg and typ.

Payload

The Payload contains user IDs, expiration data, issuers, permissions, and other claims. Each field is called a claim.

Signature

The Signature is used to detect tampering. This tool only displays the signature section and does not verify it.

Standard claims

Standard claims such as iss, sub, aud, exp, nbf, iat, and jti help explain the token's purpose and timing. Time-based values are rendered in the local timezone.

Notes

Being able to decode a token does not mean it is trustworthy. Because signature verification is not performed, do not use this output alone for auth or authorization decisions. Payload data is readable unless the token is encrypted.

FAQ

What is a JWT decoder?

It is a tool that splits a JWT into Header, Payload, and Signature, decodes the Base64URL data, and lets you inspect the contents.

Is my JWT sent to a server?

No. The JWT you enter is not sent to a server. Everything happens in the browser.

Can it verify signatures?

No. This is a decoding tool only and does not verify signatures.

Can it check expiration time?

Yes. If the Payload contains exp, the Unix timestamp is converted to a readable date and compared with the current time.
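The decoding steps described on this page (prefix and whitespace cleanup, the three-part split, Base64URL decoding, and the exp comparison) can be sketched as follows. This is an added example, not this tool's own source code: the function names, the sample token, and the extra nbf check are assumptions made for illustration, and like the tool it never verifies the signature.

```javascript
// Inspection-only JWT decoding (added example). No signature check is performed.
function b64urlToText(segment) {
  // Base64URL uses '-' and '_' and omits '=' padding; restore standard Base64 first.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function inspectJwt(input, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Drop an optional "Bearer " prefix, then all spaces and line breaks.
  const token = input.trim().replace(/^Bearer\s+/i, "").replace(/\s+/g, "");
  const parts = token.split(".");
  if (parts.length !== 3 || !parts[0] || !parts[1]) {
    throw new Error("expected header.payload.signature");
  }
  const header = JSON.parse(b64urlToText(parts[0]));
  const payload = JSON.parse(b64urlToText(parts[1]));
  if (!header || typeof header !== "object" || !payload || typeof payload !== "object") {
    throw new Error("header and payload must be JSON objects");
  }
  // exp and nbf are Unix timestamps in seconds.
  let status = "no exp claim";
  if (typeof payload.exp === "number") {
    status = nowSeconds >= payload.exp ? "expired" : "not expired";
  }
  if (typeof payload.nbf === "number" && nowSeconds < payload.nbf) {
    status = "not yet valid"; // assumption: nbf handling is not described on the page
  }
  return {
    header,
    payload,
    signature: parts[2], // displayed as-is, never verified
    status,
    expiresAt: typeof payload.exp === "number" ? new Date(payload.exp * 1000) : null,
    verified: false, // decoding alone says nothing about trustworthiness
  };
}

// Constructed sample token; the signature segment is a dummy value.
function makeSample(payload) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.ZHVtbXktc2lnbmF0dXJl`;
}
const sample = makeSample({ iss: "https://issuer.example", sub: "user-123", exp: 1700000000 });
console.log(inspectJwt("Bearer " + sample + "\n", 1700000100));
```

The returned object always carries verified: false, so a caller cannot mistake a successful decode for an authenticated token.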

Safety

Browser-only

Generation and export both stay in the browser.

No upload

Your input is never sent to a server.

No storage

Reloading clears the input and output.