About the JWT Decoder
A JWT (JSON Web Token) is a compact, URL-safe token with three Base64URL parts — header, payload and signature — separated by dots. This tool decodes the header and payload so you can read the claims (such as the issuer, subject and expiry). Decoding is not verification: it does not check the signature, and the token is never sent anywhere — everything happens in your browser.
Privacy: your token is decoded locally and never uploaded. Decoding only reveals the contents — it does not verify the signature, so never trust a token without verifying it on your server.
How to use
- Paste your JWT-encoded text into the input box.
- The decoded result appears instantly.
- Click Copy to use the decoded text.
Common uses
- Inspecting JWT claims while debugging.
- Checking token expiry and issuer.
- Understanding what an API token contains.
- Learning how JWTs are structured.
Frequently asked questions
Does this verify the signature?
No. It only decodes the header and payload so you can read them. Signature verification needs the secret or public key and should be done on your server.
Is my token uploaded?
No — decoding happens entirely in your browser; the token never leaves your device.