What is a JWT?
A JSON Web Token (JWT) is a compact, self-contained way to transmit information between two parties as a signed package. You’ll encounter JWTs constantly in modern web applications — they’re commonly used to prove that a user is logged in, to carry permissions, and to pass identity information between services.
A JWT has three parts separated by dots: a header (the token type and signing algorithm), a payload (the actual data, called claims), and a signature (used to verify the token hasn’t been tampered with). Each part is Base64Url-encoded, which is why JWTs look like long strings of random characters.
What Does This Tool Do?
This tool decodes a JWT and displays its header and payload in a readable, formatted JSON view. You can instantly see what claims the token contains — such as user ID, expiration time, issued-at time, and any custom data — without needing to write any code.
How to Use This Tool
- Paste your JWT into the input field.
- The decoded header and payload appear immediately below.
- Key claims like expiration (
exp) and issued-at (iat) are shown in a human-readable format.
Common Use Cases
- Debugging authentication: Inspect what’s inside an access token to understand why a request is being rejected.
- Checking expiration: Quickly see when a token expires without needing to decode it manually.
- Understanding claims: Review what user information or permissions a token carries.
- Learning JWT structure: A great tool for understanding how JWTs work.
Frequently Asked Questions
Can this tool verify a JWT's signature?
No. Signature verification requires the secret key or public key used to sign the token, which this tool doesn’t have. This tool only decodes and displays the token’s contents. Always verify signatures server-side.
Is it safe to paste my JWT here?
The decoding happens entirely in your browser — nothing is sent to a server. However, JWTs often contain sensitive information, so be cautious about pasting production tokens into any tool, including this one.
What is the exp claim?
exp is the expiration time — a Unix timestamp indicating when the token becomes invalid. This tool displays it in a human-readable date format alongside the raw value.