JWT Decoder

Decode and inspect JWT header, payload, and expiry — locally.

Quick answer: Decode JSON Web Tokens (JWT) online securely. Parse JWT headers, payloads, and check expiration dates locally without sending tokens to a server.

decoded locally — the signature is NOT verified, and the token never leaves your browser

Paste a JSON Web Token to instantly read its header and payload and check the expiry, all decoded locally in your browser. The token is never sent anywhere.

How it works

  1. Paste your raw JWT string into the decoder box.
  2. The browser locally decodes the Base64Url payload and headers into readable JSON.
  3. Check the extracted `exp` timestamp to verify if the token is expired.

Frequently asked questions

Is the cryptographic signature verified here?

No. Verifying a signature mathematically requires your private secret key. This tool merely decodes the base64 claims for inspection.

Is it safe to paste a production JWT here?

Yes, decoding executes entirely in your browser Javascript, so the token is never transmitted. However, you should generally treat live tokens with extreme caution.

What does the exp claim represent?

It is a standard Unix timestamp indicating exactly when the token expires. The tool parses this and flags it for you visually.

More in Developer Tools