Decode a JWT, header, payload, signature

Inspect tokens locally; expiry made readable.

Files stay on your device. No accounts. Free.

Loading tool...

About this tool

Paste a JWT and see its header, payload and signature in three labelled panes, with exp, iat and nbf timestamps translated into readable dates and an at-a-glance expired/valid note. Purely for debugging, the signature is not verified.

This matters more than it sounds: a live JWT is a credential, and most online decoders send it to their server. This one decodes entirely in your browser.

How it works

  1. Paste your input, or drop a text file onto the box.
  2. The output updates live as you type.
  3. Copy it to the clipboard, or download it as a file.

Frequently asked questions

Is it safe to paste a production JWT here?

Safer than most alternatives: the token is split and Base64-decoded entirely in your browser, so it is never transmitted. Still, treat live tokens as credentials, decode what you need and avoid sharing screenshots of the payload.

Why does it say the signature is not verified?

Verifying a signature requires the secret or public key it was signed with, which only the issuing server should have. This tool is for inspecting what a token claims, not for proving the claims are genuine.

How do I tell if my token is expired?

The exp claim is translated into a readable date next to its raw value, along with iat and nbf, so you can see at a glance when the token was issued and when it stops being valid.

Related tools

Missing something? Suggest a feature →