JWT Decoder

Decode a JWT header and payload to view the JSON and key claims.

Category: Dev Tools

When to use?

Use it to check an API auth token's payload or its expiry (exp). Quickly see what claims a JWT carries during development.

How to use

  • Paste the JWT token.
  • The header, payload, and signature are decoded and shown.
  • Check key claims like exp and iat.

Input Explanation

Enter a JWT (JSON Web Token) string in header.payload.signature form.

Calculation Basis

It splits the JWT by "." into three parts and parses the Base64Url header and payload into JSON to visualize as objects. It does not verify the signature.

Usage Examples

  • Check token payload - Check an API auth token's payload and key claims like exp and iat.
  • Aid debugging - Quickly see what a JWT received during development contains.
  • Quick pre-deploy check - Check inputs and output to reduce errors before dev/ops work.

Examples

  • eyJhbG... → Payload parsed: {"sub":"1234","name":"John Doe","iat":1516239022}
  • Paste a Bearer token from an Authorization header to check user info (sub, name)

Cautions

  • This tool only decodes and does not verify signature validity.
  • The entered JWT is processed only in the browser and not sent to a server.

Guides

JWT structure

A JWT (JSON Web Token) is header.payload.signature, each Base64URL-encoded and joined by dots. The payload holds user info and expiry (exp).

Signature verification note

This tool decodes the payload to view content. To verify the signature, check it on the server with the secret key.

FAQ

Does it verify the signature?

No. It only decodes and does not verify signature validity.

Is the token sent to a server?

No. The entered JWT is processed only in the browser.

What is in the header?

The header holds the signing algorithm (alg) and type (typ), shown alongside the payload.

Can I check if a token is expired?

It shows the payload exp claim as a readable time so you can check expiry.

Related Tools

  • JSON Formatter - Beautify or minify JSON strings instantly and check for validity errors.
  • UUID Generator - Generate up to 20 cryptographically secure UUID v4 values at once.
  • Password Generator - Generate secure random passwords in the browser by choosing length, character set, and count.
  • Regex Tester - Enter a regex pattern to see matches in text in real time.
  • QR Code Generator - Convert text or a URL into a QR code and download it as an image.
  • Wi-Fi QR Code - Make a QR code from Wi-Fi network info so guests can connect easily.