Decode JSON Web Tokens instantly — see header, payload, and expiry. 100% private, your token never leaves your browser.
Copy the JWT token from your app, API response, or browser dev tools and paste it into the input field.
The header, payload, and signature are decoded and displayed instantly. Expiry (exp) claims are shown as human-readable dates.
The tool tells you if the token is still valid, already expired, or missing an expiry claim.
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three Base64URL-encoded parts: header, payload, and signature, separated by dots.
Yes. Decoding happens entirely in your browser — your token is never sent to any server. However, never share your JWT with untrusted third-party sites, as it can be used to impersonate you.
No. Signature verification requires the secret key, which should never be shared client-side. This tool only decodes (Base64URL decodes) the header and payload for inspection.
iat = issued at (when the token was created). exp = expiry (when it expires). nbf = not before (earliest valid time). All are Unix timestamps.