Free • No signup • Fast

JWT Decoder Online - Decode JSON Web Tokens

JWT token

Decoding runs locally in your browser. Avoid pasting real production tokens unless you fully trust the context.

Result

Token valid

exp: 4102444800

This token expires in about 26859 days.

Main dates

Expires: 2100-01-01 00:00:00 UTC

Issued at: 2024-05-01 10:40:00 UTC

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "user_12345",
  "email": "john.smith@example.com",
  "name": "John Smith",
  "roles": [
    "admin",
    "editor"
  ],
  "iat": 1714560000,
  "exp": 4102444800
}

Signature

demo-signature

Related tools

Estimate payload tokens and cost to estimate payload size and cost before using it in an AI prompt or LLM workflow.
Convert Unix timestamps to convert exp, iat and nbf claims into readable dates.
Encode and decode Base64 to inspect encoded payloads and token-related strings.

How it works

Decode a JSON Web Token directly in your browser. Paste a JWT to inspect its header, payload, claims, expiration time and signature without sending the token to external servers.

Practical examples

Decode a JWT returned by a login API

Paste the access token or refresh token returned by an authentication endpoint to inspect claims such as sub, name, email, roles and permissions.

Try this example →

Check JWT expiration time

Use the exp, iat and nbf fields to understand when a token was issued, when it becomes valid and when it expires.

Try this example →

Inspect JWT payload before debugging or testing

Copy the decoded header and payload when debugging API authentication, authorization issues, OAuth flows or test fixtures.

Try this example →

FAQ

Does this JWT decoder verify the signature?

No. This tool decodes the header and payload so you can inspect the token content, but it does not validate or verify the JWT signature.

Is the JWT sent to a server?

No. Decoding happens locally in your browser, so the token is not sent to external servers.

What JWT fields can I inspect?

You can inspect standard and custom claims such as sub, iss, aud, exp, iat, nbf, roles, permissions and any other payload field included in the token.

Try these tools

URL Encoder/Decoder

Encode and decode URLs for query strings, APIs and redirects.

Base64 Encoder/Decoder

Encode and decode Base64 directly in your browser.

GPS Coordinate Converter

Convert GPS coordinates, generate GeoJSON and build paths from multiple points.

Regex Tester

Test regular expressions with live matches, flags, groups and detailed positions.

← Back to home

Free • No signup • Fast

JWT Decoder Online - Decode JSON Web Tokens

JWT token

Decoding runs locally in your browser. Avoid pasting real production tokens unless you fully trust the context.

Result

Token valid

exp: 4102444800

This token expires in about 26859 days.

Main dates

Expires: 2100-01-01 00:00:00 UTC

Issued at: 2024-05-01 10:40:00 UTC

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "user_12345",
  "email": "john.smith@example.com",
  "name": "John Smith",
  "roles": [
    "admin",
    "editor"
  ],
  "iat": 1714560000,
  "exp": 4102444800
}

Signature

demo-signature

Related tools

Estimate payload tokens and cost to estimate payload size and cost before using it in an AI prompt or LLM workflow.
Convert Unix timestamps to convert exp, iat and nbf claims into readable dates.
Encode and decode Base64 to inspect encoded payloads and token-related strings.

How it works

Decode a JSON Web Token directly in your browser. Paste a JWT to inspect its header, payload, claims, expiration time and signature without sending the token to external servers.

Practical examples

Decode a JWT returned by a login API

Paste the access token or refresh token returned by an authentication endpoint to inspect claims such as sub, name, email, roles and permissions.

Try this example →

Check JWT expiration time

Use the exp, iat and nbf fields to understand when a token was issued, when it becomes valid and when it expires.

Try this example →

Inspect JWT payload before debugging or testing

Copy the decoded header and payload when debugging API authentication, authorization issues, OAuth flows or test fixtures.

Try this example →

FAQ

Does this JWT decoder verify the signature?

No. This tool decodes the header and payload so you can inspect the token content, but it does not validate or verify the JWT signature.

Is the JWT sent to a server?

No. Decoding happens locally in your browser, so the token is not sent to external servers.

What JWT fields can I inspect?

You can inspect standard and custom claims such as sub, iss, aud, exp, iat, nbf, roles, permissions and any other payload field included in the token.