JWT Decoder
Paste a JSON Web Token to see its decoded header and payload, pretty-printed as JSON. The token is decoded entirely in your browser and never leaves your device. This tool decodes only and does not verify the signature.
Frequently asked questions
Does this JWT decoder verify the token signature?+
No. It only decodes the header and payload so you can read the claims. Verifying a signature requires the secret or public key and should be done on a trusted server, not in a public web page.
Is it safe to paste a JWT into this decoder?+
The decoding runs fully in your browser with JavaScript, and the token is never sent anywhere. Still, treat any live access token as a secret and avoid pasting one you are actively using into any online tool.
Why does my JWT show an expiry as a number?+
JWT timestamps like exp and iat are Unix epoch seconds. The decoder shows the raw payload, and it also displays a readable date for common time claims so you can tell whether a token is expired.