Free · Decodes locally · Nothing uploaded

JWT decoder

Paste a JSON Web Token to read its header and payload, with expiry and issued-at times in plain English. Everything is decoded in your browser.

🔒 Tokens are decoded entirely on your device. This tool does not verify signatures.

How to decode a JWT

Inspect a JSON Web Token's header and payload, and see when it expires — without sending it anywhere.

📥

1. Paste the token

Drop in a JWT from a request header or cookie.

🔍

2. Read the claims

See the decoded header and payload as formatted JSON.

3. Check expiry

Issued-at and expiry times are shown in plain language.

JWTs carry authentication and authorization data between services, encoded as three Base64url segments. Decoding them helps you debug logins, check scopes and claims, and confirm expiry. This decoder runs entirely in your browser and does not verify or store tokens, so it's safe for sensitive values. Decode plain Base64 with the Base64 tool.

JWT decoder FAQ

Is my token uploaded?

No — it's decoded entirely in your browser and never sent anywhere.

Does it verify the signature?

No, it only decodes. Always verify signatures server-side before trusting a token.

What does it show?

The header and payload as JSON, plus iat/exp/nbf claims as readable dates with a valid/expired status.