100% Free

JWT Decoder

Paste any JSON Web Token to instantly decode and inspect its header, payload, and signature. Timestamps are converted to readable dates automatically.

Frequently Asked Questions

What is a JWT token?

A JSON Web Token (JWT) is a compact, URL-safe token used to securely transmit information between parties. It has three Base64url-encoded sections separated by dots: a header (algorithm and token type), a payload (claims like user ID and expiry time), and a signature (to verify the token hasn't been tampered with). JWTs are widely used for login sessions and API authorization.

Is it safe to decode JWT tokens online?

This tool decodes tokens entirely in your browser — nothing is sent to any server. That said, avoid pasting production tokens containing sensitive user data into any online tool. The JWT payload is only Base64-encoded, not encrypted, so the claims are readable by anyone who holds the token. For testing, use a sample or development environment token.

What does the exp claim mean in JWT?

The exp (expiration time) claim is a Unix timestamp indicating when the token should stop being accepted. For example, an exp of 1735689600 means the token expires on January 1, 2025. This tool automatically converts exp, iat (issued at), and nbf (not before) timestamps into human-readable local date and time so you can tell at a glance whether a token is still valid.