JWT Decoder
Decode JWT header and payload instantly. No verification, no server upload. Works in your browser.
JWTs often look like opaque strings, but troubleshooting authentication usually means checking header and payload claims quickly. This tool helps you inspect exp, iat, nbf, scopes, and user - related values without sending the token to a server.
Related Articles
JSON API Debugging Checklist: Fast Root Cause IsolationUse this API debugging checklist to quickly isolate malformed JSON, encoding issues, and schema mismatches before they hit production.What is Base64 Encoding? A Practical GuideUnderstand Base64 encoding: what it is, why it's used, and how to encode/decode values for APIs, emails, and data URIs.
Help and details
How to use
- Paste the full JWT token into the input area.
- Review the decoded header and payload JSON.
- Inspect standard claims such as exp, iat, and nbf.
- Copy the decoded JSON or claim summary if needed.
Privacy and processing
Decoding happens locally in your browser. Your token is never sent to our servers.
Frequently Asked Questions
Does this verify JWT signatures?
No. This tool only decodes header and payload data. Signature verification requires the correct secret or public key.
Is my token uploaded to a server?
No. Decoding runs entirely in your browser.
Why is my JWT invalid?
A JWT must contain three dot - separated parts, and the header and payload must decode into valid JSON.
What are exp, iat, and nbf?
They are standard JWT claims. exp is expiration time, iat is issued - at time, and nbf is not - before time.
Can I decode encrypted JWTs?
No. Encrypted JWTs require decryption keys and are not readable through simple decoding.
Why do I see strange characters?
The token may not contain UTF - 8 JSON, or it may not actually be a JWT payload.