Decode JWT Token Online

Paste a JWT to see its header, payload claims, and expiration.

Decode JWT Token

Understanding JWT Token Structure

A JSON Web Token (JWT) has three parts separated by dots: header (algorithm and type), payload (claims like user ID, roles, expiration), and signature (verification data). Each part is Base64URL-encoded, so you can decode and read the contents without the signing key.

Our decoder splits the token, decodes each part, and displays the claims in a readable format. It automatically converts Unix timestamps (exp, iat, nbf) to human-readable dates so you can quickly check if a token is expired. This is the fastest way to debug authentication issues.

Common debugging scenarios: verifying the exp claim matches your expected token lifetime, checking that iss (issuer) and aud (audience) match your configuration, inspecting custom claims added by your auth server, and comparing tokens from different environments.

Tips

  • JWTs are encoded, not encrypted. The payload is readable by anyone — never include passwords or sensitive PII.
  • The exp claim is in Unix seconds, not milliseconds. Multiply by 1000 for JavaScript's Date constructor.
  • This tool decodes but does not verify signatures. Signature verification requires the secret/public key.
  • If a token doesn't have 3 parts (separated by dots), it's not a valid JWT.

Ready to get started?

Decode JWT Token

New tools every week

Get notified. No spam.

From the makers of JSON Knife

SvelteUI Pro
45+ Svelte 5 components. Copy-paste into your project. From $49.
SvelteShip
Launch your SaaS faster. Auth, Stripe, dashboards — pre-built in SvelteKit. From $49.
MetaScrape API
Extract OG tags, metadata, and JSON-LD from any URL. Free tier included.
AccessiDrop
Accessibility monitoring for agencies. Free scanner. From $15/mo.
QuoteSnap
Professional quotes for tradespeople. Create, send, track. Free to start.