Header
The Header contains metadata about the token type and signing algorithm. Common fields include alg and typ.
JWT Decoder
Decode a JWT in the browser and display the Header, Payload, and Signature in a readable way. Nothing is sent to a server; everything runs locally.
Como leer un JWT
Usa esto cuando quieras inspeccionar el header, el payload, la firma, los claims estandar y el estado de expiracion en el JWT Decoder. Sirve para inspeccion, no para verificar la firma.
Ejemplo de inspeccion
header.payload.signaturePaste a JWT and inspect what it contains
Bearer prefixes, spaces, and line breaks are removed automatically. This tool does not verify signatures.
The JWT you enter is not sent to a server. All processing happens in your browser, but please be careful with production access tokens and other sensitive data.
Decoded result
Header / Payload / Signature are shown separately, with standard claims and expiry status added as helpers.
Enter a JWT and press Decode to see the result here.
Conceptos básicos de JWT
JWT stands for JSON Web Token. It is a token format used to exchange JSON data in a compact way, often for login state, API auth, and user information transfer.
JWT structure
A JWT consists of three parts: Header, Payload, and Signature, separated by dots.
header.payload.signature
Payload
The Payload contains user IDs, expiration data, issuers, permissions, and other claims. Each field is called a claim.
Signature
The Signature is used to detect tampering. This tool only displays the signature section and does not verify it.
Standard claims
Standard claims such as iss, sub, aud, exp, nbf, iat, and jti help explain the token's purpose and timing. Time-based values are rendered in the local timezone.
Notes
Being able to decode a token does not mean it is trustworthy. Because signature verification is not performed, do not use this output alone for auth or authorization decisions. Payload data is readable unless the token is encrypted.
Preguntas frecuentes
What is a JWT decoder?
It is a tool that splits a JWT into Header, Payload, and Signature, decodes the Base64URL data, and lets you inspect the contents.
Is my JWT sent to a server?
No. The JWT you enter is not sent to a server. Everything happens in the browser.
Can it verify signatures?
No. This is a decoding tool only and does not verify signatures.
Can it check expiration time?
Yes. If the Payload contains exp, the Unix timestamp is converted to a readable date and compared with the current time.
Ver todos los generadores
Abre la pagina completa para comparar herramientas y cambiar a otra.
Seguridad
Solo en el navegador
La generacion y la exportacion se quedan en el navegador.
Sin subidas
Tu entrada nunca se envia a un servidor.
Sin almacenamiento
Al recargar se limpian la entrada y la salida.