JWT Decoder Online — Decode & Inspect JSON Web Tokens
Decode and inspect JSON Web Tokens — header, payload, and expiry
JWT decoding happens entirely in your browser. The signature is displayed but not verified (no secret key).
Frequently Asked Questions
Is it safe to paste my JWT here?
Yes. The JWT decoder runs entirely in your browser. No tokens are sent to our servers. However, never paste production tokens into untrusted tools.
What is a JWT token?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication. It contains a header (algorithm), payload (claims like user ID and expiry), and a signature.
Can this tool verify JWT signatures?
The decoder shows the header, payload, and expiration status. Full signature verification requires the secret key or public key, which should never be shared publicly.
For authorized, legal, and ethical security testing only. Scans are rate-limited to 3 per day on the free tier.